Senior Security Engineer

Our mission at Duolingo is to develop the best education in the world and make it universally available. But we’ve got more left to do — and that's where you come in! Duolingo is the most popular language-learning application in the world, with over 500 million users and over half a billion exercises completed daily. Beyond our core learning product, we have also entered into literacy with Duolingo ABC, English proficiency testing with the Duolingo English Test, and even Math . We are passionate about educating our users, making fact-based decisions, and finding innovative solutions to complex problems. We offer meaningful work, limitless learning opportunities, and collaboration with world-class minds. Come brighten your life and over half a billion more! Join Duolingo as a Security Engineer and play a pivotal role in safeguarding our systems, employees, learner data, and services across our rapidly-growing language learning platform. With over 650 employees and 21 million daily active users, your expertise will be critical in maintaining the highest security standards, while continuously enhancing our infrastructure security and ensuring compliance. You Will... Design and develop scalable monitoring and response systems for security alerts to proactively mitigate risks Continuously evaluate Duolingo's security posture, anticipating future threats and devising appropriate countermeasures Collaborate with development teams to conduct threat modeling, identify risks, and provide guidance on mitigations Be a partner to our security champions, organizing and growing the program across Duolingo to ensure the efficient distribution of security knowledge Implement dependency checks for open-source software within applications Participate in regular product security tabletops with organizational partners Work on deploying early alerting systems throughout our environment and the responsive automations that trigger when they alert Develop a continuous verification and testing system for security controls and critical features Work with our partners in finance to ensure we maintain compliance with our regulatory obligations Collaborate with IT to improve the security of our offboarding processes by introducing automation and well documented procedures You Have... Experience deploying, managing, and troubleshooting security scanning tools in the CI/CD pipeline Familiarity with Linux system administration, automation, and Python programming A desire to learn more about security and develop the foundational building blocks of the program Strong collaboration, emotional intelligence, and communication skills Requirements: A Bachelor’s degree in Computer Science or related technical field Proven experience developing and maintaining microservices 2+ years working on collaborative development teams Experience in product, application, or cloud security Willingness to work in both backend engineering and operational engineering dependent on the needs of the organization Exceptional Candidates Will Have... Familiarity with containerization runtimes (Docker, rkt) Experience securing a large infrastructure on AWS Threat modeling experience across various architectures and understand how to align those with business goals Demonstrable experience in designing and managing multi-account cloud environments Experience communicating sophisticated technical requirements to audiences of variable technical sophistication Experience working in Terraform, developing modules and creating secure by default configurations Familiarity with security scanning tools such as SemGrep, Nuclei, Trufflehog, and Checkov We invest in and support our Duos! This role is eligible for a robust compensation package of base salary, equity, and Duolingo’s world-class benefits. The starting base salary range for this role is, $ 148,800 - $ 274,600 . Actual salary may vary based on level, work experience, performance, and other factors evaluated during the hiring process.   We will do everything we can within reason to make sure that your interview takes place in an environment that fairly and accurately assesses your skills. If you need assistance or accommodation, please contact your recruiter. Because Duolingo requires all employees to return to work from an office, all employees will need to be fully vaccinated against COVID-19 as recommended by the Centers for Disease Control and Prevention to remain employed unless they have an exemption to vaccination pursuant to a required reasonable accommodation. This is so that our employees feel safe in the office. Take a peek at how we care for our employees' holistic well-being with our benefits here . Duolingo is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. By applying for this position your data will be processed as per the  Duolingo Applicant Privacy Notice .