Who we are
Everything is changing in how software gets built, and Sourcegraph is at the center of that transformation. With Code Search, Deep Search, and MCP, Sourcegraph is the world’s most powerful code intelligence platform that developers and agents rely on to navigate, understand, and operate on massive, complex codebases with speed and confidence.
Teams at companies like Stripe, Uber, and Dropbox rely on Sourcegraph to ship faster and with higher quality. We’re backed by a16z, Sequoia, and Redpoint, and proud to operate as a globally distributed team that values high agency, direct communication, and a deep love for developers and their craft.
Why this job is exciting
As a Security Engineer, you will join our exceptional security team tasked with building world-class security into our product offerings by working on security operations, maintaining and improving our monitoring and alerting stack, participating in on-call and responding to security incidents, application security testing, bug bounty programs, and security reviews for both application and infrastructure security. You will proactively improve the security of our codebase, product, cloud, and customers' on-premise deployments. This is a generalist role where you will be primarily focused on Security Operations, but will also work across all facets of a security program.
Responsibilities
- Be onboarded to our alerting and monitoring stack and participate in on-call rotations.
- Discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers.
- Maintain internal systems, such as automations that assist in alert triaging.
- Work with other teams to triage, troubleshoot, and mitigate customer concerns regarding security.
- Enhance application security with audits, best practices, code fixes, and continuous education.
- Perform reactive incident response and proactive research to detect new attack vectors.
- Perform threat modeling for existing and future applications.
- Assess and integrate new tools and technologies to improve operational efficiencies and maintain compliance with SOC 2, ISO 27001 & GDPR standards.
Your skill-set
- Practical experience reviewing SIEM alerts and participating in on-call rotations.
- Practical experience securing SaaS applications, including infrastructure security, application security, and/or compliance.
- Experience with Go, including writing and maintaining internal tooling and performing code reviews.
- Experience with Elastic stack and GCP.
- Experience using and automating a wide range of defensive security tools.
- Experience working across engineering teams to secure projects across the organization.