Output is one of the most influential and fastest-growing music-making software companies in the world used by the likes of Drake, Bjork, Rihanna, and Coldplay, to name a few. Our focus is to inspire a new generation of music makers with a platform that brings the power of a studio to anyone, wherever they are. With groundbreaking products providing new sources of inspiration and sound; here at Output, we are on an endless journey to revolutionize the way creators make music. 

Since raising a $45 million Series A investment, the Output team is growing, and we’re looking for an experienced Senior Software Engineer who specializes in the Security and Identity domains.  The ideal candidate will be an expert on auth best practices, architecture and implementation, and equally comfortable providing incident support during an bot attack, providing mitigations and updating our WAF firewall rules.  We’re looking for someone with a broad tech background to be able to mentor backend, web and frontend engineers on security best practices, and able to guide us to stamp out security vulnerabilities over time.  They will need to work closely with engineering and business stakeholders across platform and client engineering.  A successful candidate must be self-motivated, detail-orientated, technically savvy, and energized to chart the course for the Output’s future security engineering roadmap.

How you'll add value:

• Provide security tech leadership - Be able to work cross-team across engineering, with a focus on platform engineering including the web and API teams
  • Security
    • Ability to identify and prioritize security vulnerabilities - across website, APIs, client applications, and internal tools - and work with teams to execute tasks to improve 
    • Web security setup and configuration via CloudFlare or other providers - including WAF configuration, DNS, firewall rules, API rate limiting approaches and tools
    • Experience configuring VPN, VPC, etc with cloud providers like GCP, AWS, etc.
    • Security attack incident management and response for DDOS, cred-stuffing, etc - Able to identify impact and prescribe short- and long-term remediations to minimize security risks and customer impact
    • Familiar with recaptcha, MFA, and other verification methods 
    • Prioritize security risks, create team follow-up actions, organize security bug bounties and bashes as needed
    • Be a voice and advocate for security best practices - Plan and execute security projects across the org to increase security awareness and reduce vulnerabilities
    • Problem solver - Able to identify source and intent of attacks and potential security breaches, find commonalities in malicious traffic patterns
  • Identity
    • Be a subject matter expert on authentication and authorization
    • Work closely with our backend team on auth related projects and ensure code meets security standards
    • Be the tech lead for data privacy related projects
    • Deep experience applying latest auth technologies and techniques including migrating to more secure approaches on productions systems at scale
    • Familiar with JWT, token revocation, HTTPS/TLS, etc.
    • Experience with cloud identity providers and IAM (GCP, AWS, Auth0) 
    • Able to guide tech teams on identity architectural patterns and best practices
    • API keys, request signing, public/private key approaches, CAs, encryption algorithms and hashes
    • Experience including security in CI/CD processes
  • Act as an engineering role model for security engineering at Output
    • Set high standards and lead by example on security engineering best practices - including how security concerns impact architecture, code reviews, development best practices, API services design, database implementation, CI/CD processes, prod-readiness, etc.
    • Lead the charge to improve security through metrics, KPIs and concrete measurable next steps
• Be able to wear the tech product owner and project manager hat as needed in the security engineering space as needed

What you'll need to be successful in this role:

• 5+ years hands-on experience in security and identity software engineering for production systems 
• CS / EE degree or similar experience
• Strong leadership, mentoring, and communications skills to advocate for security
• Strong partnership and relationship building skills - Able to partner closely with Product, Engineering, and QA peers 
• Strong decision making, prioritization skills and focus - Able to shield the team from external noise while focusing them on the highest value work
• Broad exposure to software technologies, languages, frameworks, and tools ranging from web tech to backend api’s and services, to client UI frameworks, libraries, and binaries  
• Strong stakeholder management skills - Able to manage stakeholder expectations, project risk, and anticipate stakeholder needs
• Experience in setting up security observability, monitoring, and alerting
• Bonus: Passion for democratizing music making and empowering creative music makers