SENIOR SECURITY ENGINEER at npm
Who We Are
npm is the world’s largest software repository, with over 10 million users and over 26 billion software package downloads every month.
What You'll Do
* Support the security team with engineering efforts
- Improve existing tools and build new ones from scratch to help security efforts
- Build tooling in JavasScript to help security research and development
*Support the engineering team with security advice and fixes
- Perform code and architecture reviews from a security perspective
- Help support a Secure software development life cycle for our engineering team
* Identify problems and investigate incidents as needed understanding their security impact and root cause as well as providing guidance for remediation.
* Help keep the registry as secure as it can be with the support of your colleagues
* Write internal documentation. This includes RFCs for new features as well as descriptions of APIs.
* Collaborate with teams across the company - from Engineering and Support to Sales and Marketing.
What you’ll need
Ability to read code / design documents and identify security flaws and weaknesses
Our Code of Conduct
npm is a piece of technology, but more importantly, it is a community.
We believe that our mission is best served in an environment that is friendly, safe, and accepting; free from intimidation or harassment. We do not tolerate abusive behavior. See our unabridged code of conduct here.
Why You Should Join
In joining the npm team, you'll become an important part of a small but dedicated security team. We strive to provide a sensible working environment that doesn't ask for or encourage habitual overtime and we offer flexibility in schedule. We have a progressive parental leave policy and vacation time is not just encouraged, but celebrated. We also understand that healthy schedules lead to better outcomes. To help ensure this balance we have contracted support night coverage so we don't interrupt anyone's sleep.
We believe that high-performing teams include people from different backgrounds and experiences who can challenge each other's assumptions with fresh perspectives. To that end, we actively seek a diverse pool of applicants, including those from historically marginalized groups — women, people with disabilities, people of color, formerly incarcerated people, people who are lesbian, gay, bisexual, transgender, and/or gender nonconforming, first and second generation immigrants, and people from low-income families.