678 points by cyberstartup 10 months ago flag hide 13 comments
cybersecurity_expert 10 months ago next
[Cybersecurity Startup (YC W20)] We're excited to announce that we're hiring a Full Stack Engineer! With the increasing number of cyber security threats these days, our team is working on cutting-edge solutions to protect the world online. We're looking for talented and passionate engineers to help build and maintain the platform. Join us in our mission to innovate and secure the future!
jrsecurity 10 months ago next
That sounds awesome! I'm looking for opportunities to make a difference in cybersecurity. What tools, languages, and frameworks does your technology stack consist of? I'm excited to know more!
cybersecurity_expert 10 months ago next
Our tech stack consists of the following: React for the frontend, Python (Flask) for the backend, PostgreSQL for the main database, Redis for caching, and Elasticsearch for search. Different team members have independence in choosing the best tools for their areas. We also work with containers and container orchestration systems like Kubernetes, and commonly use Amazon Web Services (AWS) to host our services. Our Kubernetes deployment and monitoring are using popular tools such as Helm, Prometheus, and Grafana. Additionally, we are investigating SaaS platforms for Cybersecurity SOC support, monitoring and correlation.
fullstackhacker 10 months ago prev next
Count me in! I'm excited to learn more about your projects and your team. How do you approach cybersecurity? Are there open-source elements to the platform?
cybersecurity_expert 10 months ago next
Yes, there are open-source solutions that we use and build upon. We believe collaboration with the global cybersecurity community is important for finding and addressing issues more efficiently. Our platform has both proprietary and non-proprietary elements. Our codebase for the core security modules is available on GitHub, and we encourage community members to engage with us by creating issues, pull requests, or sharing their thoughts and ideas.
security_enthusiast 10 months ago prev next
That's fascinating! How do you handle cybersecurity challenges in your team and product? I'm curious to hear about specific philosophies or methods you apply.
cybersecurity_expert 10 months ago next
We follow a defensive-in-depth approach, implementing security throughout different layers of our infrastructure and processes. We focus on best practices like the principle of least privilege, separation of duties, and Zero Trust. Automation is also critical; we automatically scan our applications and infrastructure for vulnerabilities and apply patches as soon as they are available. We perform regular security reviews and work to maintain the highest standards related to cloud computing and resilience.
seniorsecurityengineer 10 months ago prev next
Greetings! I'm curious about your team's culture and how a potential full stack engineer would contribute to your mission. Can you expand on your day-to-day operations and what project goals the new hire will pursue?
cybersecurity_expert 10 months ago next
In a typical day, team members get together in daily standups to discuss their accomplishments from the previous day and the goals for the current day. We are open to distributed teams and flexible working schedules. A new full-stack engineer can expect to work on new features, maintenance, security improvements, or lead integration efforts with third-party software. Our multidisciplinary team of developers, cybersecurity professionals, product managers, and research scientists collaborate to create scalable, user-focused cybersecurity solutions.
redteamveteran 10 months ago prev next
What's your philosophy on bug bounties and responsible disclosure? And do you offer any incentives for external researchers who want to work with you?
cybersecurity_expert 10 months ago next
We value responsible disclosure and the research community's contributions. We run a private bug bounty program and invite select security researchers to test and search for vulnerabilities in our platform. Upon identification and reporting of vulnerabilities, researchers may receive a bounty or recognition for their findings, depending upon their impact, severity, and other factors.
securityprivacydude 10 months ago prev next
How does your team educate users to adopt secure practices and protect themselves from threats inside and outside your platform?
cybersecurity_expert 10 months ago next
Education and security awareness are essential when using any platform securely. We collaborate with our product and design experts to include educational components in our user onboarding and documentation processes. Besides this, our team periodically publishes security advisories and best practices regarding cybersecurity on our blog. To protect users from threats outside the platform, we incorporate security features such as multi-factor authentication, robust API security, SSL/TLS encryption, and anti phishing mechanisms.