Return to jobs Return to jobs

Security Engineer

Chess.com

Clock

Posted over 30 days ago...

Expired

Join the frontline of cybersecurity at Chess.com, the world's leading chess platform, and safeguard the gaming experience of millions

Overview

icon Salary

No salary declared 😔

icon Location

icon Nomad Friendly?
Tick

100% Remote- Worldwide

icon Expires

Expires at anytime

Chess.com is the premier destination for chess enthusiasts of all levels, with a global presence spanning 195 countries and services in over 70 languages. The platform is experiencing phenomenal growth and is now seeking a Security Engineer to help protect its vast user base of over 150 million members. This is an opportunity to play a vital role in a company that combines a passion for chess with cutting-edge technology and a commitment to user safety.

Role Summary:

  • Manage the Bug Bounty Program by triaging, reproducing, and assessing vulnerabilities.
  • Advise Engineering Teams on Threat Models, ensuring security standards are met.
  • Interpret Penetration Testing and SIEM reports, converting findings into actionable tasks.
  • Update and maintain WAF and other security systems.
  • Evaluate and lead the implementation of new security software and systems.
  • Provide expert security guidance to developers and projects.

Role Requirements:

  • 3+ years of experience in web application security.
  • Proficiency in English with strong written communication skills.
  • Experience with Burp Suite or similar web request tools.
  • Prior involvement with a Bug Bounty program is desirable.
  • Knowledge in PHP or JS.
  • Ability to work collaboratively in a fully distributed team.
  • A sense of ownership and responsibility.
  • Enthusiasm for chess and a commitment to continuous learning.

Chess.com supports a flexible and remote work culture, allowing you to contribute from anywhere in the world. If you're ready to make a strategic move in your career, learn more about us and how our virtual team operates by visiting here and here. We're excited to welcome a new member to our skilled and diverse team!

About Us

Chess.com is the #1 place on the internet to play chess and improve your game.  We have members in 195 countries and appear in 70+ languages.  We are looking for a Security Engineer to join and help protect our  150+ million members.  In this role, you will leverage both your programming and analysis skills alongside the security team to proactively increase the security posture of our entire tech stack.

About You

You are experienced, resourceful, and tactical in your abilities to identify, own, and solve problems. You have experience in cybersecurity and expert-level quick-thinking abilities to foresee issues before they arise.  You are humble and both a learner and a teacher, depending on the situation. You are comfortable in a remote-first environment, communicating in a kind and professional manner via slack, and frequently posting updates in public channels keeping everyone aware of your efforts and progress. You have a strong desire to turn your talents towards chess!

What You’ll Do

  • Triage, reproduce, and assess vulnerabilities submitted through the Bug Bounty Program, and work with the Engineering Teams to close the discovered gaps.
  • Work closely with the Engineering Teams to perform Threat Models of their solutions, acting as a security advisor when appropriate, and ensuring designs are vetted and adhering to security industry standards.
  • Review Penetration Testing results and SIEM reports. Translate the findings into actionable tasks in Jira and track them to completion.  
  • Apply updates to the WAF and various other security systems where applicable, and/or support the Engineering Teams to address findings.
  • Evaluate security software and systems used by the company.  Attend product demos to help determine the best solution for our company. Lead these efforts from beginning to end.
  • Act as a security expert, guiding developers and projects to ensure security best practices.

Preferred Skills

  • 3+ years professional experience in web application security
  • Strong written communication skills in English
  • Familiarity with Burp Suite or similar tools for viewing and tampering with web requests
  • Prior experience with a Bug Bounty program is a plus
  • Experience in PHP or JS
  • Strong collaboration and communication skills working in a fully distributed team
  • Sense of ownership and responsibility
  • Chess player
  • Lifelong learner

About the Opportunity

  • This is a full time or equivalent position
  • We are 100% remote (work from anywhere!)
  • This is open to applicants from anywhere!

Links

You can learn more about us here:

  • https://www.chess.com/blog/erik/how-chess-com-s-100-person-virtual-team-works-together
  • https://www.chess.com/about 

We look forward to meeting you!

Organisations to follow.

Medal
Computer

FOR ORGANISATIONS

Your progressive people partner

Post your jobs, become a Top 1% Employer and more. We work with organisations who aspire to do things differently.

Learn More
*** 🚨 Announcing Top 1% Employer: Escape Verified 💥 ***
Info