At Frame.io, were powering the future of creative collaboration. Over 700,000 video professionals use Frame.io to seamlessly share media & gather timestamped feedback from team members & clients. Simply put, we help companies create better video, together.
We want you to get better too. We believe that we have a duty to be the stewards of your career, both at Frame.io & beyond. Having conversations about your entire career & not just your time here helps align our incentives & makes everything so much easier.
Frame.io is backed by Accel, SignalFire, FirstMark, Jared Leto & a host of other phenomenal investors. We've built a highly functional & market-leading product used & loved by companies such as Turner, Disney, NASA, Snapchat, BBC, BuzzFeed, TED, Adobe, Udemy, & many more.
About the Role
We are looking for a highly motivated, adaptable & talented Product Security Engineer who is an expert in building/breaking/educating. Your work will directly impact the experience of our highly passionate creator community. We are looking for natural innovators who strive to continuously improve & learn.
- Work independently with developers, product owners, & other colleagues to ensure secure design, development, & implementation of our applications
- Review application security controls & designs prior to live implementations of new features or products
- Serve as the security expert & communicate information security-related concepts to technical & non-technical team members
- Evangelize secure code development practices internally
What we think you'll need to be great at this job
- Strong foundation in & an in-depth technical knowledge of application security, particularly web application & iOS security
- Keen ability to break the applications in order to uncover security flaws
- Strong understanding of secure SDLC practices & the ability to implement them
- Strong understanding of cryptographic algorithms & protocols
- Expertise in application security related concepts, such as authentication, authorization, data integrity, session management, access controls, & input/output handling
- Experience in managing vulnerability management programs
- Experience conducting application penetration tests
- Proficient in one or more of the programming languages (Elixir, Node.js, Python, Go)
- Willingness to tackle any challenge, even if not directly relevant to core competencies
- AWS knowledge is a plus