Security Engineer

Thumbtack is a local services marketplace that connects customers who need to get things done with local, skilled professionals who can help. From plumbers and painters to DJs and personal trainers, Thumbtack helps millions of customers find the right professional for their project in over 1,000 categories.

Here at Thumbtack, we’re building the easiest way for people to hire local professionals for projects big and small. From house painting to personal training and everything in between, we match customers to the right pros for all of life’s projects. With a fast growing user base and internal staff, privacy and security are becoming a greater concern for our engineering team, and we want to harden our systems against all possible threats. From credit cards and SSNs to intimate personal details, we expect (as do our users) that data on our systems is private and secure. We’re looking for someone to lead our security efforts. We know security is an ever­-changing landscape of threats, vulnerabilities, new technologies, and best practices. We’ve done the basics (protecting against the likes of Bobby Tables, for example) but now we’re looking for someone to take our security practices to the next level across our entire platform. From vetting application logic to hardening firewalls and forming best practices with our IT teams, you will own Thumbtack’s security and privacy efforts. Thumbtack currently has offices in San Francisco and Salt Lake City, with a large team of remote contractors based in the Philippines. To more effectively manage our rapid growth, we're currently moving services from dedicated Linux machines to AWS. We currently use Python, Go, and PHP, and manage our infrastructure with Puppet.

* Perform security and privacy risk assessments on infrastructure components * Design, evaluate tradeoffs, and implement security enhancements * Investigate incidents and lead response efforts, while identifying methods to improve preparedness * Maintain engineering and security documentation; provide training and awareness to fellow engineers

* Strong web development and operations background, with a solid grasp of all aspects of things IP, TCP, HTTP, and on up * A penchant for finding bugs and security flaws in even the most well-guarded systems to minimize risk within our organization * Comfortable writing tools in Python to automate operations * Knowledge in the various use cases for state-of-the-art cryptography * Solid foundation in network security which compliments your system and server security expertise * A strong level of comfort with core Linux security principles * A desire to make the world better by protecting the safety, privacy, and security of technology users * Strong communication skills and willingness to proactively collaborate * Ongoing excitement to learn and grow * Good humor