Timescale is building out a dedicated security function working towards a spotless security posture, allowing us to tackle security concerns early on in development. We’re looking for a talented and versatile InfoSec professional to help us reason about these security concerns, and work with our teams to engineer secure and robust systems at scale.
If you’re the kind of person who reasons through things from first principles, rather than robotic memorization of security “rules of thumb”, and you are good at balancing theoretical concerns with practical ones, you’re an excellent fit for this role.
In this role, you will be leading the execution arm of all security engineering related matters in the company, and will be playing a major role in setting our security strategy. You will be one of the first security-focused hires, and your opinion will be very important for how we will hire future security roles and how we prioritize them. Your first activities upon joining will likely consist of assessing the current state of our APIs and Database code and immersing yourself in them, helping us strategize a roadmap, and then executing on said roadmap.
You don’t need to fit all of the following criteria, and you are encouraged to apply even if you don’t check all of the boxes or if you feel we’ve left some things out, but keep in mind that this is a Staff Engineer level position and we expect applicants to have a heightened level of mastery over their domain.
What we’re looking for:
- The practical aspects of security engineering are second nature to you. Everything from “we should not use sequential user IDs” and “we should be using SipHash for this hash table”, all the way to “we should probably be fuzzing this part of the codebase” and “we should use a model checker to validate this”;
- A broad and varied understanding of cryptosystems (concepts are more important than specifics, though both count; we don’t expect you to be either a Cryptography Engineer or a Researcher), side-channels/oracles and other information-theoretic concerns, LangSec and other theoretical considerations that apply to building real-world systems;
- Excellent threat-modeling skills, both theoretical and practical, concerning mostly the parts that sit above the OS;
- You feel comfortable reasoning through tough problems statistically and mathematically;
- When working through problems you make your assumptions explicit, and you document the surrounding constraints. When constraints change or assumptions are invalidated, you don’t try to shoehorn the previous solution into the new mold — instead you reason through everything that the change invalidates, revisit your assumptions, and rework your way towards a solution;
- You reason through things critically. You understand NIST policies, but you also understand why they are the way they are, the assumptions they make, and what would make them be different from what they are currently. You don’t needlessly challenge established wisdom, but you’re also not afraid of going off the beaten path if you have to;
- You understand the abstract notions of what trust and authority are. You understand that trust can’t be done away with, but merely shifted around. You generally wrinkle your nose when someone claims a system or protocol to be “trustless”;
- You understand the evolving threat landscape, the most common engineering pitfalls related to security, and you keep yourself updated on what’s going on in the InfoSec space. You understand the modern practice of both offensive and defensive security, as well as the organization-level processes that successful companies deploy so that security is dealt with as an end-to-end concern;
- You’re not afraid of rolling up your sleeves and taking an active role in the implementation and deployment of security tooling, capabilities, and processes, as well as helping teams with developing features securely, and with adopting tools that can level up our security posture.
- An understanding of database systems and willingness to work with a codebase written mostly in C, as well as some adjacent Rust subsystems. There might also be some work to be done with our APIs, which are mostly written in Go.
- You definitely don’t need to hit all of the checkboxes in the “What we’re looking for” section. We know that it describes a very wide range of security related activities that is unrealistic for a single person to cover. Our expectation is that you relate to an interesting subset of those things, not all of them;
Timescale is the creator of TimescaleDB, the industry-leading relational database for time-series. Tens of thousands of organizations trust TimescaleDB today with their mission-critical time-series applications. The company is dedicated to serving software developers and businesses worldwide, enabling them to build exceptional data-driven products that measure everything that matters: software applications, industrial equipment, financial markets, blockchain activity, consumer behavior, machine learning models, climate change, and more. Analyzing data across the time dimension (“time-series data”) enables developers to understand what is happening right now, how that is changing, and why that is changing. Timescale is a remote-first company with a global workforce 🌎 and is backed by Tiger Global, Benchmark Capital, New Enterprise Associates, Redpoint Ventures, Icon Ventures, Two Sigma Ventures, and other leading investors. For more information, visit www.timescale.com or follow @TimescaleDB.
Working at Timescale🐯
Timescale is breaking boundaries and setting new standards in the innovative and rapidly growing time-series data industry. Built on the foundation of people-focused values and principles, Timescale makes sure integrity, mutual respect, and compassion are at the heart of everything we do. Empowered by our Co-Founders, Ajay Kulkarni (CEO) and Mike Freedman (CTO), we are challenging the norm by working with people who continuously inspire and teach us 🤝.
Enjoy debating the crunch-factor of different chicken nuggets 🍗, sweating it out during lunch 💦, talking about your kids, whether they be actual children 👶🏽, potted plants 🪴, or four-legged creatures 🐾? You’ll fit right in at Timescale!
What we’re offering
Benefits may differ from country to country.
- Premium insurance options for you and your family
- FSA/Dependent FSA plans for US based employees
- Flexible PTO and family leave
- Summer Fridays off in August ☀️
- Full remote work from anywhere
- Stock options
- 401(k) retirement plan
- Individual education benefits