RevenueCat makes building, analyzing, and growing mobile subscriptions easy. We launched as part of Y Combinator’s summer 2018 batch and today are handling more than $2B of in-app purchases annually across thousands of apps.
We are a mission driven, remote-first company that is building the standard for mobile subscription infrastructure. Top apps like VSCO, Notion, and ClassDojo count on RevenueCat to power their subscriptions at scale.
Our 70 team members (and growing!) are located all over the world, from San Francisco to Madrid to Taipei. We’re a close-knit, product-driven team, and we strive to live our core values: Customer Obsession, Always Be Shipping, Own It, and Balance.
We value user privacy and security, and our services are designed with these principles in mind. We are SOC2 Type II compliant and strive to minimize the information we store while designing highly secure services from the outset. Additionally, we participate in bounty programs.
As the first security engineer on the team, you will have the opportunity to shape the security vision and best practices of a brilliant and talented engineering team.
You will be part of the Core Infrastructure team responsible for ensuring the security of the infrastructure. Your role involves working closely with devops and infrastructure engineers to enhance security in the production environment and CI pipelines. You will review technical design documents from a security standpoint and handle Vanta security alerts. Additionally, you will collaborate with the Core Infrastructure Director to prioritize security efforts and lead cross-functional initiatives to enhance security.
- You have previous experience in large-scale environments, preferably web / api services.
- You are passionate & opinionated about infrastructure and security.
- You value developer speed, while recognizing that there is no perfect security. However, you believe that significant improvements can be made to the security of services and organizations.
- You have a solid understanding of current global security landscape.
- You can quickly asses the situation and prioritize the most critical needs.
- You have a strong understanding of security tools and cloud security offerings, in particular for AWS: User and role management, networking, data store & management, vulnerability scanning, intrusion detection, log and monitoring tools… And you can leverage this knowledge to build highly secure production environments and CI pipelines.
- You have experience with infrastructure as code, cloud environments, Linux, containers, and common OS-hardening practices. While your focus is on infrastructure, you have at least some basic knowledge of application-level security.
- You have experience in handling vulnerability management and patching policies (focusing on automation to reduce manual work) and incident response and threat analysis.
- You can evaluate service designs from a security standpoint and provide suggestions and improvements. You can comprehend complex services and continuously enhance their security.
- You are proficient on at least one programing language (Preferably python)
- You thrive working within a team of brilliant engineers, collaborating and helping them build more secure systems.
In the first month, you’ll:
- Familiarize with our architecture and learn the problem domain
- Meet the team and stakeholders
- Deploy your first change to infrastructure
- Meet frequently with your team and mentor to get up to speed
Within the first 3 months, you’ll:
- Scope and prioritize the security roadmap
- Take ownership of vulnerability management
- Build relationships with stakeholders
Within the first 6 months, you’ll:
- Deliver measurable security improvements in the production infrastructure
- Become the to-go person for security reviews and assessments
- Drive the security culture
Within the first 12 months, you’ll:
- Start growing the team
- Mentor other engineers
- Develop the security incident response process
- Deliver significant security improvements in the production infrastructure, with low friction
- Establish strong relationships and influence across engineering
- Drive the security culture in the company
- Have a clear long term strategy
What we offer:
- $200,000 USD salary regardless of your location
- Competitive equity in a fast-growing, Series B startup backed by top tier investors including Y Combinator
- 10 year window to exercise vested equity options
- Fully remote work environment that promotes autonomy and flexibility
- Suggested 4 to 5 weeks time off to recharge and focus on mental, physical, and emotional health
- $2,000 USD to build your personal workspace
- $1,000 USD annual stipend for your continuous learning and growth