Here at ZIVVER we help businesses secure their communications such as email and file transfer. As an ambitious self-starter you are eager to jump in and build this fast growing scale-up together with us. How? You will be part of the small Security team that is responsible for guarding ZIVVER from various threats. It is our core job to protect the confidentiality, integrity and availability of data. It is your job to prepare ZIVVER for cyber attacks, inside threats and bad luck. Since ZIVVER is a scale up, this means building the foundations of a security operation center. You will closely collaborate with the Engineering team and integrate security in the way we work as much as possible.
A Day at HQ
You just started your workday when a colleague of the engineering team asks if you could brainstorm with him on how to embed security in the development pipeline. That is interesting so you quickly plan a meeting for later that morning because you first have to look at some alerts that need to be investigated. There seems to be some suspicious behavior going on on the platform. You spend a couple hours on this and you are relieved: it was a false alarm. Nevertheless you found a few easy ways to improve the alerting and made sure to make a note of that. Hopefully you have some time later this week to pick this up.
After lunch you have a look at the incoming vulnerability reports in HackerOne. There is one interesting report on a possible bypass of a rate limiter. The report turns out to be valid. You respond to the security researcher and create a follow up ticket for the engineering team.
In the afternoon you attend the Security Core in which the security team comes together to discuss ongoing security concerns. You present the insight you gained by improving the intrusion detection tooling. The team is happy with the progress and asks some good and critical questions. You feel motivated and can’t wait to continue working on this. But the last hour of the day you start investigating the best ways to do load testing. Sales just landed a great new deal and this means: many more users on the platform. So there is a brainstorm session planned tomorrow with the Information Security Officer and the DevOps team to figure out how to incorporate load testing the pipeline. After work you head to the Hummingbar to get a beer and get ready for the Hackathon that has been planned that evening.