As Kiwi.com has grown with incredible speed, our teams created a lot of microservices. This was a trigger for creation of Platform team which then gained some control over those. As the amount of services grew even more, we naturally split into separate squads, one of them being focused on Application Security.
What you can actually work on
SDL – to help teams with security decisions and to prevent them from introducing new security flaws without introducing friction.
Bug Bounty Program – triaging vulnerabilities from the world’s best hackers on our (currently private) HackerOne program.
Cloud Security – cooperating with our infrastructure squad to secure our Kubernetes and Google Cloud Services with new shiny tools like IAP, Istio or Vault.
Best Practices – creating secure development practices and programs for our engineering teams and external developers
Automation – writing tools to help with the automation of tedious security tasks, e.g. helping with security checks in The Zoo or maintain services such as Security Monkey.
Community – building internal security awareness among developers, making internal security workshops or helping external community by organizing and speaking on meetups
What we need from you
- Some knowledge of Python or Go
- Be comfortable with Linux
- Understanding of common web security flaws like XSS or SSRF
- Willingness to learn and experiment
- Be able to read this job listing without Google Translate
What we would like to see
- CTF or bug bounty experience
- Background in software engineering
- Open source projects or public speaking engagements
- Experience with GCP, Docker, Kubernetes, Istio or microservices
- Some experience with GitLab CI, DAST, SAST, Burp Suite, dependency or container scanning tools
- Awareness of serverless or GraphQL
The Platform Team
We are a group of passionate developers who like to do stuff the right way.
We are happy to write open source code which gives back to the community.
In the AppSec squad, we mostly spend our free time playing games, playing CTFs or hacking other companies as bug bounty hunters.
Why it rocks to be at Kiwi.com?
- Challenging SDL, as we deploy immediately after a job is completed, not after months of QA.
- Do, fail, learn — repeat! We understand that mistakes happen and we learn fast.
- We decide which cutting-edge technologies are appropriate for the task. This includes Identity Aware Proxy, Istio, Vault or GitLab Ultimate
- We love contributing to Open Source
- We share our practices by writing articles to code.kiwi.com and speaking at conferences and technological events worldwide. For example Our Comprehensive Guide to Python Dependencies
- We code at hackathons and hack at CTF competitions
- We support the local technological community and support organization of OWASP meetups.
- We use our work time wisely with a friendly vacation policy and work schedule.
- We also like to party and hang out together.
- Dogs, kids, and parties are welcome in our offices.
- Besides a fair salary, we can also look forward to quarterly bonuses dependent on our performance
- We work, play, relax, workout and even nap in our offices (complete with sauna, gym, masseur, sleeping rooms, canteen, chillout zones, free refreshments, etc.)
- We also enjoy standard benefits, such as Sodexo Gastropass for meals and Flexipass for hobbies, sick days, VIP Medical Care, flight vouchers, and a multisport card
- Thanks for reading this far! That probably means you’re really excited about this position, we like that!
Are you tired of doing security the old way? You have good ideas, but you are not able to bring them to reality in your current company? Would you like to work with cutting edge technologies and you would like to play with it more on company wide level? If answer to any of those question is yes, don’t hesitate and apply today!
Your manager to be