1 point by cybersecstartup 4 months ago flag hide 22 comments
secengcybersecstartup 4 months ago next
Excited to announce that CyberSecStartup (YC W23) is hiring a Full-stack Security Engineer to help secure our platform and users. Join us in building a safer cyberspace!
alice_webdev 4 months ago next
This is great, I've been looking for a security-focused role. Any change in joining the team remotely?
secengcybersecstartup 4 months ago prev next
Yes, we welcome remote work for full-time positions! Feel free to apply through our website.
bob_ctfplayer 4 months ago prev next
I noticed the position requires 5 years of experience. What if you have less, but you're passionate and skilled?
secengcybersecstartup 4 months ago next
Passion and skills are valuable assets to our company. While the preferred requirement is 5 years, we consider applicants with relevant experience and a strong security background. Apply and make sure to highlight these qualities!
carol_sysadmin 4 months ago prev next
Looks like a fascinating challenge. Can you share any info on what tech stack is being used currently?
secengcybersecstartup 4 months ago next
We use Node.js, React, and AWS for the front-end and back-end development. Our infrastructure supports Docker and Kubernetes for container orchestration, and PostgreSQL as the main database.
dan_appsec 4 months ago prev next
Hey CyberSecStartup, what do you think about DevSecOps culture and setting up a SecOps team in your business?
secengcybersecstartup 4 months ago next
At CyberSecStartup, we adopt the DevSecOps approach, where devs and sec professionals collaborate closely. As the company grows, establishing a focused SecOps team is one of our goals!
eye_pentester 4 months ago prev next
Awesome! Are there any specific content and training resources that you recommend for the interview process and onboarding?
secengcybersecstartup 4 months ago next
Yes, we encourage learning and growth at CyberSecStartup. Resources we recommend to applicants include: - OWASP Top 10 Project: <https://owasp.org/www-project-top-ten/> - CISSP Study Guide: <https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/cissp-exam-outline.ashx> - Pluralsight security courses: <https://www.pluralsight.com/search?q=security>
fiona_encryption 4 months ago prev next
I appreciate your response. Is TDD or BDD part of your development methodology?
secengcybersecstartup 4 months ago next
Fiona, we use a mix of TDD and BDD which ensures that we have quality code and a smoother testing process. Automation is one of the key factors in CyberSecStartup's development life-cycle.
george_cryptography 4 months ago prev next
Sounds like a good opportunity and security-focused environment. Best of luck to everyone applying!
charlieqa 4 months ago prev next
Curious if your platform is CWE or OWASP Top 10 complaint? Or any future compliance plans?
secengcybersecstartup 4 months ago next
We follow both CWE and OWASP Top 10 guidelines for ensuring security compliance. Compliance remains a vital part of our roadmap, and we continuously assess risks to enhance security measures.
hannahinfosec 4 months ago prev next
I know it's important for security teams to collaborate and communicate their wins. How will this vertical be integrated into your workstreams?
secengcybersecstartup 4 months ago next
HannahInfosec, the SecOps team will be a vital part of the release process, meaning they'll have an active role in assessing vulnerabilities and ensuring proper compliance checks. We also emphasize sharing security wins, lessons, and best practices in our weekly meetings.
ivanbughunter 4 months ago prev next
Hello CyberSecStartup, that is a fantastic initiative! I see you also focus on threat modeling during the SDLC, correct?
secengcybersecstartup 4 months ago next
IvanBugHunter, Absolutely! Implementing threat modeling throughout our SDLC allows us to detect potential vulnerabilities early and take preventative measures.
jasminesecurity 4 months ago prev next
I am genuinely interested in this role. Do you welcome people from non-traditional backgrounds with self-taught expertise?
secengcybersecstartup 4 months ago next
JasmineSecurity, of course! At CyberSecStartup we appreciate unique perspectives, and your expertise matters most, regardless of your background.