Senior Software Engineer, Security
InVision is the world's leading product design platform, powering the future of digital product design through our deep understanding of the dynamics of collaboration. We provide two million people with the power to prototype, review, refine, manage and user test web and mobile products. InVision drives the product design process at leading Fortune 100 companies, including at Disney, IBM, Walmart, Apple, Verizon and General Motors. Backed by Accel, ICONIQ Capital, FirstMark Capital, Tiger Global and others. InVision is a distributed team with over 350 employees around the world.
Our development flow is designed and built for maximum speed and velocity. As such, we have an engineering security team heavily focused on identifying and remediating application vulnerabilities. You will be part of a team that has an opportunity to work across a wide range of products and services, working with and communicating across all teams in technology and responding to internal and external stakeholders. You will have an opportunity to identify security enhancement and cutting edge features that are attractive and desirable to our customer base.
You will contribute to an environment that enables you to do your best engineering work, and you’ll do it with new web standards and frameworks like ES6, React, MongoDB, NodeJS, Go, and Docker. We empower engineers by being laser focused on maximum developer velocity through automation of tests, builds, deploys and tight customer feedback loop to continuously improve the product.
Building and shipping something this amazing and owning it from prototypes and specifications to release requires constant collaboration with the brightest people in the organization. Whether you’re at a beach house in Hawaii or a coffee shop on the East Coast, you’ll have the support of brilliant developers at your fingertips to get you through and keep the workday challenging and fun.
As Part of The Team:
- Closing any and all user-data vulnerabilities like Cross-Site Scripting attacks, brute force attacks, leakage of Personal Identification Information (PII), and ensuring that as much of our API surface area (as can be reasonably expected) is protected by request forgery mechanisms.
- Interfacing with bug-bounty programs to identify, reproduce, remediate and test emergent vulnerabilities in our application source code.
- Work with the product team to evolve, design, implement (and sometimes compromise on) new security measures like Two-Factor Authentication (2FA).
- Research the cost and effort associated with implementing new security requirements and audit resolution.
- Designing and implementing PCI-compliant payment processing strategies.
- You will be responsible for building and shipping all components necessary for your product, and you will work with Product Managers and Designers to determine the functionality, look, and feel.
- You will frequently interface with other Product Engineering teams and Platform Service teams to take advantage of and incorporate their services and tools into your product.
- Every day offers a variety of work, an opportunity to contribute new ideas, and the ability to share your knowledge through blog posts and presentations.
What You’ll Need to Join Us:
- Expert knowledge of application vulnerabilities. OWASP top 10 is a good place to start but understanding that there are over 600 distinctly different types of coding vulnerabilities
- Ability to debug hard problems at every level of the stack; can debug a web application problem single-handedly all the way from the browser, through the transport, through the application and servers and databases and asynchronous queues. Not afraid of logs and core dumps.
- Use of continuous integration and delivery technologies at an expert level and ability to teach others best practices.
- Experience designing and building high volume, scalable SaaS applications from end to end.
- Curiosity to iterate and improve on solutions; you view unknowns as challenges and enjoy them.
- Motivation to understand the business and our users, their requirements, and deliver results.
- Passion for continued learning and achieving personal goals through developer community involvement and contributions.
InVision offers an incredibly unique work environment. The company employs a diverse team all over the world. In the United States we have teams including hubs in New York, San Francisco, Austin, Portland, and Boston. Each InVision team member is given the freedom and tools to do their best work from wherever they choose. Among our benefits we offer competitive health plans, 401k, a flexible vacation policy, unlimited Starbucks cards for each employee, and unlimited books related to your profession.
InVision is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know.