About Us and Why We’re Hiring
We build “You Need a Budget,” the best budgeting software and educational resources around. (Those in the know call us YNAB, which is pronounced “why-nab.”) For more than a decade, people have been buying YNAB and then telling their friends what a difference it has made in their lives. Google us, or read some of our reviews on the app store, and you’ll see what we mean. We love building something that has a huge positive impact on people’s lives.
We’ve taken the stance that it’s best to make secure practices and decisions a practical part of our company culture from day one. Consequently, we have many programs and practices in place that we’re proud of, and you can read about some of our public-facing ones in our security policy. But security is a journey, and although we have plenty of people who get obsessive about security, we’re at the point in our journey where we want someone who gets to obsess about security all day, every day. And that’s where you, our new security engineer, come in. You love helping those around you make good decisions around security and are experienced in helping build trust and understanding around best practices. You’re a critical thinker with an open mind, you reason/debate with empathy, have strong communication skills, and have deep respect for the power of collaboration.
We have one overarching requirement when it comes to joining our team: our Core Value Manifesto has to really click with you. If you’re nodding emphatically while reading this, you’ll probably like it here, and we can’t wait to connect with you!
Of course, we have some firm* requirements too, like 5 years of experience involved in building software, with at least 3 years dedicated to a security-focused role.
*Well, firm-ish. If you know you’re a great fit for this role but fall a little short of the five-year requirement, we encourage you to go ahead and apply. We don’t need you to be the perfect candidate on paper.
On a similar note, we know impostor syndrome can be a powerful force and may discourage incredible people from applying. Please apply anyway. Many of us here have it too, so you’re in good company.
Okay, let’s talk about life at YNAB, and then we’ll go into detail about what we’re looking for.
Who You’d Be Working With
You’ll naturally work with engineers, but you’ll also regularly work with everyone in our cross-functional product teams: Designers, Product Managers, and Customer Support. And since your security recommendations will often apply to how we work internally, you’ll work with staff in marketing, education, and operations too.
All of our employees have one thing in common: They’re a pleasure to work with. You won’t find heated arguments and raised voices here. We save our competitive spirit for YNAB’s external competitors (or the occasional spirited board/video game session), but internally we build up our teammates and celebrate their successes.
We’re all keenly aware of our work’s impact on customers and the company, and we recognize security and privacy are a critical part of every role, regardless of title.
So, security isn’t a hard sell around here. We all work and sleep a little bit better when we know how to architect a system that’s secure by design, and when we know that an errant click on that attachment isn’t going to destroy the company.
And when one of us does make a security mistake, we’ll admit it because we blame faulty processes, not people.
How You’ll Work at YNAB
We also work really hard, together, to make working at YNAB an incredible experience, and we were (humbly) proud to be named Fortune’s #1 Best Small Company to Work For the last two years. We have a team of truly exceptional people, the kind you’ll be excited to work with. Here’s how we operate:
Responsibility and Empowerment
YNAB appreciates, respects, and trusts the expertise and judgment of our engineers. We empower them to do what they think is right.
We also work collaboratively. We continually seek the right amount of structure and unity necessary to maximize productivity. Where it makes sense, we designate someone to make a call.
Even though our people are right a lot, it’s okay to make mistakes here. Exploration and calculated risks are vital to velocity and progress. We freely admit when we’re wrong. If something doesn’t go as expected, we learn, bounce back, and make corrections.
You won’t be alone; others will be there to help, review, reassure, and back you up. We own our processes and collective outcomes as a team.
Live (Almost) Wherever You Want
We’ve always been a fully remote team, and have people all over the world. For this role, you’ll need to be located somewhere between the Pacific Time Zone (UTC-8) and the Central European Time Zone (UTC+1). For example, North America and most of Europe work well. Wherever you are, just make sure you have a reliable internet connection.
No Outrageous Hours
We want everyone to have a full life outside of YNAB, and we seldom work more than 40 hours per week. There have been a few occasions where things got busy and people had to put some extra time in. But then they took some extra time off, so it all balances out. We work hard and smart, but we’re in this for the long haul.
Take Vacation (Seriously)
We want you to take vacation. In fact, we have a minimum vacation policy of three weeks per year. Five weeks feels about right (plus two extra weeks for our company-wide December break). It’s important to get plenty of downtime and get out and do something. We’ll look forward to seeing pictures of your adventures in our #office_wall Slack channel.
The YNAB Retreat
When the pandemic isn’t keeping us from traveling, we get the whole team together every year to catch up on spreadsheets and PowerPoints in a Best Western conference room. Just kidding. So far, we’ve done Costa Rica, a gigantic cabin in the mountains, a beach house in the Outer Banks, a ranch in Montana, and most recently, Laguna Beach. We do really fun things at these retreats, but the highlight is inevitably just being together and having a blast.
Up Your Game
We’re serious about helping you improve your craft. We budget for it (hey-o!). Think conferences, Lynda/Skillshare subscriptions, books, and dedicated time away from work to learn something new. We love to see our people grow.
International is Totally Okay
Our team is spread across the globe, including Switzerland, Mexico, Canada, Brazil, the UK, and all over the United States. We set up team members in the US and UK as employees, and those in other countries as independent contractors.
As mentioned above, we have some time zone restrictions for this role, but as long as you’re between UTC-8 and UTC+1, we’re good!
We offer excellent health, dental, and vision insurance for our US employees, where we cover 100% of the premium for you and your family. No need to check your vision, you read that right: 100%. Though if you did need to check your vision, we’ve got you covered!
We also have a Traditional and Roth 401k option. YNAB matches your contributions, up to six percent of your paycheck. Matches vest immediately. (Are you a personal finance junkie like our founder Jesse? He set up YNAB’s 401k to have the lowest fee structure possible, where all plan costs are paid by YNAB, not your retirement nest egg. The investment funds available are fantastic, passively-managed, ultra-low-cost index funds. Not a PF junkie? Trust us, it’s awesome.) For UK employees, we also contribute six percent to your pension.
We also offer generous paid parental leave for all full-time team members. Here’s to raising the world’s budgeters, one child at a time!
The starting salary range for this position is $142,000-$170,000 USD annually, depending on experience. We consider raises annually, and have a bi-annual profit-share bonus. YNAB wins, you win, that kind of thing.
- Once you start, we DEMAND (in a friendly, ALL CAPS IS YELLING way) that you fill out your “Bucket List” spreadsheet with 50 items. (That’s harder than it sounds!)
- The bucket list really helps in deciding what we should give you for your birthday and the holidays.
- We’re all adults. There’s no need to punch a clock or ask for permission to take off early one afternoon to go see the doctor. We look at what you accomplish, not how long you sit (have you tried standing?) in front of a computer.
- We’re currently trialing a four-day work week! For us, this means four regular days of work followed by a three-day weekend…every week. This is new to us, and we’re learning a lot, but we’re excited about what it could mean both for the company and our team members.
- We want you firing on all cylinders so we’ll set you up with a top-of-the-line computer and will replace it regularly.
- Did we mention we make a huge, positive difference in the world?
If this sounds like your ideal environment, read on because now we want to talk about you. You’ll play a big part in building something easy and joyful to use that helps millions of people discover budgeting as a critical financial and life-planning tool. You will change lives.
You, Our New Security Engineer
When you read the following list, you’re probably going to think, “This sounds great. I could really help in these areas,” and then a few bullet points later, you’ll think, “Wait, this is too much for one person,” and that’s almost certainly true. Fortunately this is only the first position we’re filling for our security team. We need your help to figure out the details, but as we learn more we can talk about growing that team where necessary. In addition, you’ll have:
- The recognition that just because you’ll act as our primary consultant in these areas, you won’t necessarily be the main implementer.
- Reasonable expectations regarding timelines.
- The experience necessary to know where to prioritize your energy first, based on solid risk assessment of threats, their likelihood, and their impact.
- The authority to recommend how to build out and hire our security team as we grow.
- The ability to think strategically and long term, and turn that thinking into tactical progress/accomplishment.
So although we’re looking for a security unicorn with a wide depth and breadth of knowledge, we’re not expecting you to be a magical unicorn!
Protect YNAB – The Product
- We have experienced, security-savvy engineers, and you’ll help ensure they follow secure development practices and build rigor around our software development life cycle to make it secure.
- Triage incoming bugs from our ongoing Bug Bounty Program with the appropriate application engineers.
- Assist and train us in performing security-focused code reviews.
- Use your experience in building systems that are secure by design to act as the primary security consultant for our engineers as they architect new systems.
- Investigate intrusion/ATO attempts using our application monitoring stack, and recommend infrastructure improvements to make subsequent intrusion attempts easier to identify and block.
- Make meaningful recommendations for Security Information and Event Management (SIEM), and know what that would look like for a fully remote SaaS company.
- Keep abreast of best practices and vulnerabilities to ensure that we don’t fall behind as attackers innovate.
- Evaluate and coordinate with third-party auditors to perform penetration tests and code audits. (And when you read their report, you can easily distinguish between the marketing fluff and the scary stuff.)
- Recommend automated checks to help detect vulnerabilities before we ship them.
- Introduce security standards that are enforced through strong documentation and empathetic guidance.
- Reason clearly about security and product tradeoffs and balance such priorities in decisions.
- Find improving engineering standards, tooling, and processes rewarding.
Protect YNAB – The Company
- Evaluate and expand our Internal Security Policies and Governance Documents.
- Know how to find the balance between policies that make us extremely secure, but paralyze the organization, and lax policies that are extremely efficient, but leave us one click away from a business-ending ransomware attack.
- Work with Operations/IT to:
  - Ensure we have configured our internal business applications correctly and securely.
  - Recommend cloud providers for security-sensitive operations, like identity management, account provisioning, etc.
  - Perform Internal Risk Assessments to help guard against the most probable security threats our business faces.
  - Evaluate and recommend internal security training materials that are actually useful.
  - Assess our existing infrastructure, from physical asset practices to network settings.
- Respond to security questionnaires from potential vendors.
- Help navigate new legislative requirements regarding data privacy.
- Identify threats and vulnerabilities in a fully remote SaaS environment.
- Prepare for potential threats that could disrupt operations.
Protect our Customers and their Data
- We help our customers to make secure decisions by default, and you’ll help improve our existing systems designed to: prevent bad/breached passwords, encourage enabling 2FA, resist phishing and self-XSS attempts, etc. You’ll coordinate with the product and engineering teams to evaluate our efforts and make recommendations to improve them.
- Consult with our Head of Product, Head of Technology, Operations, and lawyers to help respond to, and possibly automate, our (rare) GDPR/CCPA requests.
- Field internal and external security questions regarding the treatment of sensitive data.
- Keep our external security and privacy policies up to date.
A bit extra about you:
You have a strong technical background with at least 5 years of experience related to building, shipping, and securing software, ideally in a SaaS environment.
We recognize that people get into software “security” by many paths, so it’s difficult to boil our experience requirements down to a perfect list of bullet points, but you’re the person we’re looking for if you:
- Are not only undaunted but excited about the above list of duties and appropriately confident in your ability to handle most of them.
- Are a collaborative team player, but also comfortable working independently with a lot of autonomy.
- Have enough experience to be surprised to see us leave certain things out of the above job description, and look forward to educating us.
- Have broad enough experience to be able to make best-practice security recommendations for our organization as a whole, while having deep enough experience to be able to recognize and possibly even exploit top OWASP vulnerabilities like SQL injection, XSS, etc.
- Have worked on, and possibly led, a security team before with a title like Application Security Lead or Application Security Engineer.
- Are an excellent written and verbal communicator.
- We divorce management expertise from technical expertise here, and this is a technical role. Though you don’t have to know how (or want) to manage people, you must be extremely personable and able to effortlessly be a liaison and champion of security and policy between all teams and levels at YNAB.
If your path to the world of information security involved “hacking”, and you have a criminal record as a result, we’ll still consider you depending upon the circumstances. Let us know upfront so we can talk about it rather than be surprised when doing our background checks.
YNAB is an equal opportunity employer. We believe a diversity of backgrounds, beliefs, abilities, and experiences is critical to our success. We’re passionate about creating a welcoming, supportive, and collaborative environment for all employees. All are encouraged to apply as we continue to grow a smart, experienced, and diverse team that loves working together to build something that matters.
How to Apply
- Apply by filling out this form. You’ll need to log in to your Google account to access it.
- The deadline is 11:59 pm PT on Sunday, July 10, 2022.
- Our goal is to make the hiring process as accessible as possible. If we can help you with an accessibility need, email us at [email protected]. Be sure to mention in the subject line that you’re applying for the Senior Security Engineer position. (Please note that this inbox is only monitored for messages related to accommodations.)
We’re excited to hear from you!
P.S. If you’re not interested in this position right now, but know someone who might be, we’d appreciate you passing this along!