Location: San Francisco or London
Employment Type: Full time
Team: Opportunities
About Rocket Lawyer
We believe everyone deserves access to affordable and simple legal services.
Founded in 2008, Rocket Lawyer is the largest and most widely used online
legal service platform in the world. With offices in North America and Europe,
Rocket Lawyer has helped over 25 million people create over 50 million
legal documents and get their legal questions answered.
We are in a unique position to enhance and expand the Rocket Lawyer platform
to a scale never seen before in the company’s history, to capture audiences
worldwide. We are expanding our team to take on this challenge!
Responsibilities
- Work closely with engineering teams and product managers to ensure that Rocket Lawyer’s products are secure.
- Conduct regular threat models, code reviews and dynamic testing to proactively find potential vulnerabilities.
- Deploy and operationalize a software composition analysis (SCA) solution.
- Build and operationalize a bug bounty program.
- Push vulnerability fixes with assistance from engineering teams where appropriate.
- Assist in creating secure coding training and run a security champions program.
- Build security requirements and instill secure coding best practices.
- Develop automated security testing to validate that secure coding best practices are being used.
- Analyze, assess, and respond to various internet threats.
Qualifications
- Development or scripting experience and skills. Java and JavaScript are preferred.
- Ability to conduct code review and provide advice on secure product design.
- Familiarity with common security libraries, security controls, OWASP and common security flaws.
- Hands-on experience with SAST, DAST and SCA tools (Checkmarx, Snyk, OWASP ZAP, Burp, etc.).
- Good understanding of network and web-related protocols (such as TCP/IP, mTLS, HTTPS, etc.).
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Preferred Qualifications
- Contributions to the security community (blogging, presentations, CTFs, bug bounties, etc.).
- B.S. or M.S. in Computer Science or a related field.