Skip to content
Senior Security Engineer
| Company | Duolingo |
|---|
| Location | New York, NY, USA |
|---|
| Salary | $177700 – $300000 |
|---|
| Type | Full-Time |
|---|
| Degrees | Bachelor’s |
|---|
| Experience Level | Senior |
|---|
Requirements
- Experience deploying, managing, and troubleshooting security scanning tools in the CI/CD pipeline
- Familiarity with Linux system administration, automation, and Python programming
- A desire to learn more about security and develop the foundational building blocks of the program
- Strong collaboration, emotional intelligence, and communication skills
- A Bachelor’s degree in Computer Science or related technical field
- Proven experience developing and maintaining microservices
- 2+ years working on collaborative development teams
- Experience in product, application, or cloud security
- Willingness to work in both backend engineering and operational engineering dependent on the needs of the organization
- Ability to relocate to New York, NY
Responsibilities
- Design and develop scalable monitoring and response systems for security alerts to proactively mitigate risks
- Continuously evaluate Duolingo’s security posture, anticipating future threats and devising appropriate countermeasures
- Collaborate with development teams to conduct threat modeling, identify risks, and provide guidance on mitigations
- Be a partner to our security champions, organizing and growing the program across Duolingo to ensure the efficient distribution of security knowledge
- Implement dependency checks for open-source software within applications
- Participate in regular product security tabletops with organizational partners
- Work on deploying early alerting systems throughout our environment and the responsive automations that trigger when they alert
- Develop a continuous verification and testing system for security controls and critical features
- Work with our partners in finance to ensure we maintain compliance with our regulatory obligations
- Collaborate with IT to improve the security of our offboarding processes by introducing automation and well documented procedures
Preferred Qualifications
- Familiarity with containerization runtimes (Docker, rkt)
- Experience securing a large infrastructure on AWS
- Threat modeling experience across various architectures and understand how to align those with business goals
- Demonstrable experience in designing and managing multi-account cloud environments
- Experience communicating sophisticated technical requirements to audiences of variable technical sophistication
- Experience working in Terraform, developing modules and creating secure by default configurations
- Familiarity with security scanning tools such as SemGrep, Nuclei, Trufflehog, and Checkov
