Security Engineer

Job description

In the time it takes you to read this job ad, around 200 new accounts will have signed up to Linktree.

About The Job

Linktree is growing fast, and so are our teams, including the IT & Corporate Engineering group. As the first security engineer in this new team, you’ll have an incredible chance to create a huge impact from day one. As a foundational member, you’ll embed a culture of security within Linktree, across every squad and business team, and work on compliance, legal, and trust & safety issues. Initially, this will include splitting your time between our corporate and product engineering teams (initially, about 70/30 product/corp.)

As part of the Corporate Engineering team, our job is to build elegant experiences and services for Linktree that delight the user; this includes building a security culture, driving awareness, partnering with engineers and teams to identify and close gaps, and educating squads on standard methodologies to make our product, code, and company more secure. We want to remove the work-about-work our teams do every day, and make security accessible and delightful, just like our product.

You’ll spend some time working on our compliance goals, including initiatives like SOC2 and ISO27001, and partnering with Trust & Safety and Legal on projects. On our product side, a good understanding of technologies related to front-end development, infrastructure-as-code, and web technologies is essential. Our tech stack is Javascript end-to-end with React and Node.js, and also includes Typescript, Storybook, Elasticsearch, REST APIs, PostgreSQL, GraphQL, AWS (Lambda), Datadog, Fastly, Docker, Terraform and Snowflake. Our first build was in PHP so that is in our legacy code.

This is a big job, and you will help pave the way for future security engineers at Linktree. You will be an individual contributor to start, and an active hands-on engineer, writing code, collaborating with teams, and working across multiple squads.

What You’ll Do

  • Embed yourself within squads to help -- you’re excited to make security approachable.
  • Build and deploy security posture checks on new code – you may review code, or write and contribute, crafting examples and providing feedback on design and architecture.
  • Own our HackerOne program, helping triage reports and inquiries.
  • Lead detection and response activities, including responding to incidents and playing an active role in investigations and resolutions.
  • Deploy controls and security solutions in cloud environments (AWS, GCP) and infrastructure.
  • Work with Legal and Operations on compliance initiatives, helping advise on requirements related to SOC2, ISO27001, GDPR, among others.
  • Work with Data Loss Prevention (DLP) solutions to ensure we maintain our compliance obligations and ensure we are trustworthy custodians of information related to PII and PCI data that may be in our SaaS applications, such as Slack, GSuite, Dropbox, etc.
  • Participate in and run pentesting, and proactively help find gaps and issues.
  • Deploy vulnerability management tools across CI/CD systems, compute, and container infrastructure.
  • Evaluate vendors, ensuring they meet our security and compliance needs, and perform due diligence.
  • Write documentation that scales across the engineering org, helping build a strong knowledgebase of security resources.
  • Build projects and plans to address issues and create short and long term objectives, including advice on future needs, concerns, and how to scale.
  • Help build measurable security metrics and performance indicators, helping bring transparency to the process and team.
  • You'll be an evangelist for security, mentoring and developing other engineers.


Who Are You?

It would be fantastic if you have:

  • B.S. or M.S. in Computer Science or related field, or equivalent experience (such as security industry certifications)
  • A solid grasp of the threat landscape, as well as common attacks and solutions for web technologies.
  • An understanding of the space Linktree is in -- our product spans commerce, music, social networks, media, just to name a few -- and the risks in those areas.
  • Experience with social networks / social media or related products.
  • A strong grasp of authentication and identity platforms (customer identity or corp).
  • Vulnerability management and remediation.
  • You’ve been an early-stage startup security hire, or joined in a hyper growth stage -- you understand you can’t do it all, but you’re comfortable building a plan, and ruthlessly prioritising, and bringing others on the journey with you.
  • Familiarity with a CI/CD pipeline and DevOps environments.
  • Ability to develop tools in modern languages
  • You’ll collaborate across all teams -- you are a people person at heart, and love to help.
  • You write clear, easily understood, and relevant documentation for the right audiences.
  • You’re comfortable working remotely.
  • You can explain technical issues in an easy to understand way to various audiences, from junior staff to executive leadership if needed.
  • You’re super nice -- people love to work with you, and you participate in making the culture even better.

Nice to Haves

We know that experience and skills can be related to the opportunities you’ve had in your career, and every person is different. If you have some of these skills, but not all, please apply and let us know why you’re amazing, and what makes you a phenomenal fit. We’d love to talk.

Our Culture

We hire with a people-first approach, so more importantly as a human, you will be collaborative, curious, enjoy solving complex problems and have empathy for the growing pains of a rapidly scaling startup.

Linktree's company culture and values are based around collaboration, diversity, inclusion, and flexibility. Those are all nice words but to give you some more specific examples:

  • We are a family-friendly and flexible work environment with our team with a number of our team working hours around school and home commitments.
  • We have a paid 18-week parental leave policy that is inclusive of birth and non-birthing parents and supports the whole parenting lifecycle
  • We have several diversity and inclusion initiatives underway, including a D&I council, training for all team members on neurodiversity, unconscious bias, and the incorporation of a transgender inclusion policy.
  • Our team is diverse across age, gender, and race and we are very proud of that.
  • All Linktree team members work either fully remote or a hybrid remote and in-office sometimes and that will continue even when COVID is behind us
  • We prioritise our team's mental health, with all employees have free access to Smiling Mind & Uprise, including 1:1 coaching sessions from qualified psychologists or counsellors.
  • All Linktree team members receive $1000 AUD towards setting up their work from home space

The Linktree story:

The Linktree journey begins in 2016 when co-founders Alex, Anthony and Nick were running a digital agency and using Instagram to make announcements about the artists they managed. Created as a side hustle to solve a simple problem, Linktree has well outgrown its roots, with over 18 million users worldwide, 30,000 + new signups every day, and around a billion pageviews per month. Paired with rapid growth, Linktree has recently garnered much attention in the tech world, earning 4th place on Fast Company's "10 most innovative social media companies of 2020".

In March 2021, Linktree raised $45 million in Series B Funding led by Index Ventures and Coatue on top of our Series A with Insight Partners and AirTree. The funding will be used to expand headcount globally, develop product features and go towards making Linktree the best possible place to work for our team.

The Linktree audience is broad, spanning publications, artists, celebrities, fashion and beauty influencers, YouTube stars, sports teams and household brands, right the way through to individuals with a side hustle and micro-influencers. Linktree subscribers include TikTok, Facebook, ClassPass, Patreon, Zapier, Katy Perry, Selena Gomez, Pharrell, Jamie Oliver, HBO, Red Bull, Adult Swim, Cara Delevingne, Comedy Central, Gordon Ramsay, Billabong…and many more!