Staff Security Engineer

About Karbon

Karbon is the global leader in practice management software for growth-minded accounting firms. We provide an award-winning highly collaborative cloud platform that streamlines work and communication enabling the average accounting firm using Karbon to save 18.5 hours per week per employee.

We have customers in 34 countries and have grown into a globally distributed team with our people based throughout the US Australia New Zealand Canada the United Kingdom and the Philippines. We are well-funded ranked #1 on G2 have a fantastic team culture built on our values are growing rapidly and making a global impact.

Seeking a development & cloud focused Staff Security Engineer to join a newly formed security team focused on uplifting and maintaining Karbon;s security practices.

The ideal candidate will have passion for AppSec and be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes.

Key Responsibilities

• Balance Security and Delivery You know how to balance delivery needs with security and can communicate security risks and issues to non technical stakeholders. You understand when its important to push back when to compromise and how to work with delivery teams to reach a great outcome
• Work effectively as part of a team security is a team sport and you understand the need to build relationships and trust across the organization to enhance Karbons security posture. You are happy to answer questions and offer advice to teams that will reach out for your assistance
• Build and maintain Our Security team is young and you are excited to bring your ideas to contribute to Karbons security road map. You keep up to date on the latest technologies and approaches but understand the importance of foundational security practices such as good account hygiene MFA and secret management.
• AutonomyYou are inherently curious focused on continual learning and faced with challenges and direction rather than predefined solutions you engage fully and creatively with problems.
• Own your workYou take pride in your work feeling a deep sense of responsibility for the products we develop and ensuring we keep our customers valuable data secure. This sense of ownership is paramount and you share this commitment.
• Bring your passion and personalityYour creativity curiosity and authentic self make the team stronger. If youve worked in highly political environments youll find our culture free from office politics and valuing openness and authenticity a refreshing change.

Qualifications

7 years experience in a security or development role across most of the following:

• Collaborating with teams to review designs & implementations for security issues and embedding good security practices
• Contributing to and helping drive a security roadmap
• Conducting risk and vulnerability assessments of web applications and APIs and working with third party penetration testing companies
• Triaging issues and reports and assisting teams remedy items
• Configuring and tuning SAST SCA and DAST Tooling & WAF Protections
• Working with build/deployment pipelines to incorporate security tooling (Github Actions or Azure Devops YAML based pipelines)
• Implementing security focused alerting and detections and automations
• Conducting and facilitating organizational & developer focused security training
• Assisting with operational security items such as EDR alerts and MDM

In addition youll need:

• Strong communication skills (spoken and written)
• Some of the following Languages/Frameworks: /C# JavaScript Python (we use React and EmberJS)
• At least one cloud platform: Azure AWS or GCP (we use Azure predominantly)
• Portswigger Burp or similar
• Working knowledge of PowerShell or Bash and Python
• Certifications such as Offsec OSCP & AWAE GIAC Burp Practitioner PJPT Microsoft/AWS development and cloud related are nice to have

Why work at Karbon

• Gain global experience across the USA Australia New Zealand UK Canada and the Philippines
• 4 weeks annual leave plus 5 extra Karbon Days off a year
• Flexible working environment
• Work with (and learn from) an experienced high-performing team
• Be part of a fast-growing company that firmly believes in promoting high performers from within
• A collaborative team-oriented culture that embraces diversity invests in development and provides consistent feedback
• Generous parental leave

Karbon embraces diversity and inclusion aligning with our values as a business. Research has shown that women and underrepresented groups are less likely to apply to jobs unless they meet every single criteria. If youve made it this far in the job description but your past experience doesnt perfectly align we do encourage you to still apply. You could still be the right person for the role!

We recruit and reward people based on capability and performance. We dont discriminate based on race gender sexual orientation gender identity or expression lifestyle age educational background national origin religion physical or cognitive ability and other diversity dimensions that may hinder inclusion in the organization.

Generally if you are a good person we want to talk to you.

If there are any adjustments or accommodations that we can make to assist you during the recruitment process and your journey at Karbon contact us at for a confidential discussion.

At this time we request that agency referrals are not submitted for this position. We appreciate your understanding and encourage direct applications from interested candidates. Thank you!