As Kiwi.com has grown with incredible speed, our teams created a lot of microservices. This was a trigger for the creation of the Platform team which then gained some control over those.
As the number of services grew, even more, we naturally split into separate squads, one of them being focused on Application Security.
What you can actually work on?
SDL - to help teams with security decisions and to prevent them from introducing new security flaws without introducing friction.
Bug Bounty Program - triaging vulnerabilities from the world’s best hackers on our (currently private) HackerOne program.
Cloud Security - cooperating with our infrastructure squad to secure our Kubernetes and Google Cloud Services with new shiny tools like IAP, Istio or Vault.
Best Practices - creating secure development practices and programs for our engineering teams and external developers
Automation - writing tools to help with the automation of tedious security tasks, e.g. helping with security checks in The Zoo or maintain services such as Security Monkey.
Community - building internal security awareness among developers, making internal security workshops or helping the external community by organizing and speaking on meetups
The Platform Team
We are a group of passionate developers who like to do stuff the right way.
We are happy to write open-source code that gives back to the community.
In the AppSec squad, we mostly spend our free time playing games, playing CTFs or hacking other companies as bug bounty hunters.
What we would like to see?
Curiosity
CTF or bug bounty experience
Background in software engineering
Open source projects or public speaking engagements
Experience with manual secure code review in JavaScript, Python, Go, Kotlin or Swift
Experience with GCP, Docker, Kubernetes, Istio or microservices
Some experience with GitLab CI, DAST, SAST, Burp Suite, dependency or container scanning tools
Awareness of serverless or GraphQL
What we need from you?
Some knowledge of Python or Go
Be comfortable with Linux
Understanding of common web security flaws like XSS or SSRF
Willingness to learn and experiment
Be able to read this job listing without Google Translate
Why it rocks to be at Kiwi.com?
Challenging SDL, as we deploy immediately after a job is completed, not after months of QA.
Do, fail, learn repeat! We understand that mistakes happen and we learn fast.
We decide which cutting-edge technologies are appropriate for the task. This includes Identity Aware Proxy, Istio, Vault or GitLab Ultimate
We love contributing to Open Source
We share our practices by writing articles to code.kiwi.com and speaking at conferences and technological events worldwide.
For example Our Comprehensive Guide to Python Dependencies
We code at hackathons and hack at CTF competitions
We support the local technological community and support the organization of OWASP meetups.
We use our work time wisely with a friendly vacation policy and work schedule.
We also like to party and hang out together.
Dogs, kids, and parties are welcome in our offices.
Besides a fair salary, we can also look forward to quarterly bonuses dependent on our performance
We work, play, relax, workout and even nap in our offices (complete with sauna, gym, masseur, sleeping rooms, canteen, chillout zones, free refreshments, etc.)
We also enjoy standard benefits, such as Sodexo Gastropass for meals and Flexipass for hobbies, sick days, VIP Medical Care, flight vouchers, and a multisport card
Thanks for reading this far! That probably means you’re really excited about this position, we like that!
Are you tired of doing security the old way? You have good ideas, but you are not able to bring them to reality in your current company?
Would you like to work with cutting edge technologies and you would like to play with it more on company wide level? If answer to any of those question is yes, don’t hesitate and apply today!
We offer you
Besides a motivating salary, we offer quarterly bonuses dependent on the company's overall results and your own performance
The opportunity to join our Phantom Stock scheme (for positions from level 5 upwards).
We also enjoy benefits, such as meal vouchers, 20+5 days vacation, Cafeteria program, sick days, VIP Medical Care, multisport card.
Flight vouchers to celebrate your kiwi anniversaries.
Occasional work from home and / or our modern office located in Karlín where you can enjoy sleeping spots, chillout zones, free refreshments, parking for car / bicycle / motorbike.
Hardware from Apple or Microsoft based on your preferences.
Relocation package (including visa support).
We offer unlimited contracts within a forward-thinking and ambitious company.
Dogs, kids, and parties are welcome in our offices.
Grow.Kiwi program which supports parents and keeps them engaged with the company.
Interested? Join us and hack the traditional ways of travel!
Kiwi.com is proud to be an equal opportunity workplace and an affirmative action employer. We review applications for employment without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, ancestry, citizenship, age, uniformed services, genetic information, physical or mental disability, medical condition, marital status, or any other basis prohibited by law.
Throughout the recruitment process and for some time after it’s finished, we’re going to process your Personal Data. You can find all the necessary information in our Privacy Policy available at : https : / / jobs.
kiwi.com / recruitment-privacy-policy / .
