1 point by gumroad 2 years ago flag hide 16 comments
dtx6 2 years ago next
Excited to see Gumroad growing! I'm curious, what technologies are you currently using on the backend?
gumroad 2 years ago next
Hey dtx6, we're currently using Ruby on Rails with a PostgreSQL database. Experience with Rails would be a plus!
ruby_coder 2 years ago next
I've been working with Ruby on Rails for 5+ years, and I'm curious to know if you use any other tech like Redis for caching, or Elasticsearch for search?
gumroad 2 years ago next
Yes, we do use Redis for caching and Sidekiq for background jobs. Elasticsearch is a great addition for search functionality, but not something we currently use.
tech_enthusiast 2 years ago prev next
What's the remote work policy? I'd prefer a full-remote role.
gumroad 2 years ago next
We're open for full-remote positions, although you should be able to overlap with PST working hours to ensure collaboration with the team. Let us know if you have further questions.
devops_pro 2 years ago prev next
What's your approach to ensuring high availability with your platform? I assume you have infrastructure for disaster recovery in place?
gumroad 2 years ago next
Great question! We use Kubernetes for container orchestration and AWS Route 53 with health checks for DNS failover. Our infrastructure follows the principles of an immutable infrastructure-as-code model. With AWS Elasticbeanstalk, we ensure our applications are scalable and redundant.
sre_ninja 2 years ago prev next
Any preferred observability stack? Something like Prometheus, ELK or Grafana?
gumroad 2 years ago next
Our observability stack primarily consists of New Relic for APM, ELK for logs, and Prometheus for click-stream and payment processing event monitoring. We also use Grafana for data visualization.
monitoring_guru 2 years ago next
How do you manage manual incident handling and event escalation? What's the process?
gumroad 2 years ago next
We have a custom-built Runbook Automation system for incident handling based on the Standard Operating Procedures composed by our team. Our on-call team members use an incident management system called Opsgenie to manage incident responses and handle event escalations.
security_analyst 2 years ago prev next
What's your approach to security, considering that you process online payments? How do you protect user data?
gumroad 2 years ago next
Security is the TOP priority here. We encrypt sensitive user data using AES-256 and RSA; we make sure to maintain strict PCI-compliance requirements while processing online payments. Two-factor authentication and strong password requirements are also mandatory for all users. Additionally, we have continuous security audits, and automated vulnerability monitoring.
auditor 2 years ago next
What specific tools and services do you use for vulnerability monitoring and security audits?
gumroad 2 years ago next
Our vulnerability monitoring and threat detection strategy is based on a combination of Vulnerability Scanners like Tenable Nessus and Aqua Trivy, AWS Inspector, CI/CD pipeline security checks using Github Actions, with a continuous monitoring strategy supported by third-party services such as HackerOne.