Senior Security Engineer Platform Security at Discord

Discord is about giving people the power to create space to find belonging in their lives. Trusted by millions of people to keep their communications secure, private, and out of the hands of evildoers, security and privacy are necessary to Discord's success.

We are looking for a Senior Security Engineer, Platform Security reporting to the Platform Security Engineering Manager to join us in building a secure and private platform for Discord's users. If you are a Security Engineer with a passion for security and privacy, a deep sense of curiosity, and an endless desire to improve Discord, read on!

What you’ll do:

• Perform reviews ranging from architectural design to threat modeling and source code level assessments, providing recommendations to make our platform and infrastructure more secure
• Secure our software supply chain; all the way from a developer’s laptop, through version control, CI/CD, and into production
• Work with our Detection and Response team to ensure that we’re adequately monitoring the security of the systems that Discord builds.
• Develop automation to scale the capabilities of yourself and our team as we build.
• Develop best-in-class secure baselines for cloud and bare-metal resources.
• Partner with Anti-Abuse and Trust & Safety to improve our ability to yeet and delete bad actors from Discord

Example Projects:

• Build automated tooling to across our infrastructure for vulnerabilities including container images and infrastructure-as-code
• Design and implement security controls for a next-generation developer platform for building apps and services at Discord
• Partner with Engineering to design and build authentication in service-to-service communication
• Expand our malware detection capabilities to build a safer Discord

What you have:

• You have 5+ years experience building and/or securing production systems and infrastructure.
• You have 3+ years of experience as a Security Engineer working on systems with millions of users.
• You have 3+ years of experience programming in at least one general purpose programming language (we mainly use Python and Rust, but your experience with other languages is great, too!)
• You have experience building images for deploying code (e.g. Docker images)
• You have experience securing cloud-based environments (we use Google Cloud).
• You have experience with infrastructure-as-code tooling (we use Terraform).
• You have experience with container orchestration technologies (e.g. Kubernetes).
• You have experience with serverless technologies (e.g. Cloudflare Workers)

Bonus Points:

• Experience building and operating a service mesh (e.g. Envoy, Istio, Linkerd).
• Experience with or an understanding of modern authentication and authorization protocols and concepts (OAuth 2.0, OIDC, WebAuthn/FIDO2, Zero Trust, mTLS).
• Experience building complex applications and services on top of Google Cloud Platform

New York City only: Minimum salary of $186,000/year + equity and  benefits