Senior Security Engineer
Duolingo
Our mission at Duolingo is to develop the best education in the world and make it universally available. It’s a big mission, and that’s where you come in!
At Duolingo, you’ll join a team that cares about finding innovative solutions to complex technical problems, running countless experiments (300+ at a time!) with our massive user base to make data-driven decisions, and educating our users and employees alike. You’ll have limitless learning opportunities, mentorship and collaboration with world-class minds, and a variety of projects with large scopes — while doing work that’s both fun and meaningful.
Join our life-changing mission to develop education for our half a billion (and growing!) learners around the world.
About the role
Join Duolingo as a Security Engineer and play a pivotal role in safeguarding our systems, employees, learner data, and services across our rapidly-growing language learning platform. With over 650 employees and 21 million daily active users, your expertise will be critical in maintaining the highest security standards, while continuously enhancing our infrastructure security and ensuring compliance.
You will...
- Design and develop scalable monitoring and response systems for security alerts to proactively mitigate risks
- Continuously evaluate Duolingo's security posture, anticipating future threats and devising appropriate countermeasures
- Collaborate with development teams to conduct threat modeling, identify risks, and provide guidance on mitigations
- Be a partner to our security champions, organizing and growing the program across Duolingo to ensure the efficient distribution of security knowledge
- Implement dependency checks for open-source software within applications
- Participate in regular product security tabletops with organizational partners
- Work on deploying early alerting systems throughout our environment and the responsive automations that trigger when they alert
- Develop a continuous verification and testing system for security controls and critical features
- Work with our partners in finance to ensure we maintain compliance with our regulatory obligations
- Collaborate with IT to improve the security of our offboarding processes by introducing automation and well documented procedures
You have...
- Experience deploying, managing, and troubleshooting security scanning tools in the CI/CD pipeline
- Familiarity with Linux system administration, automation, and Python programming
- A desire to learn more about security and develop the foundational building blocks of the program
- Strong collaboration, emotional intelligence, and communication skills
Requirements...
- A Bachelor’s degree in Computer Science or related technical field
- Proven experience developing and maintaining microservices
- 2+ years working on collaborative development teams
- Experience in product, application, or cloud security
- Willingness to work in both backend engineering and operational engineering dependent on the needs of the organization
Exceptional candidates will have...
- Familiarity with containerization runtimes (Docker, rkt)
- Experience securing a large infrastructure on AWS
- Threat modeling experience across various architectures and understand how to align those with business goals
- Demonstrable experience in designing and managing multi-account cloud environments
- Experience communicating sophisticated technical requirements to audiences of variable technical sophistication
- Experience working in Terraform, developing modules and creating secure by default configurations
- Familiarity with security scanning tools such as SemGrep, Nuclei, Trufflehog, and Checkov
Take a peek at how we care for our employees' holistic well-being with our benefits here.
We will do everything we can within reason to make sure that your interview takes place in an environment that fairly and accurately assesses your skills. If you need assistance or accommodation, please contact your recruiter.
Duolingo is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
By applying for this position your data will be processed as per the Duolingo Applicant Privacy Notice.
We post a multi-level salary range for all of our roles.
This is not inclusive of the rest of our awesome portfolio that includes equity compensation and world-class benefits. Our salary ranges are the same for all US locations. Your recruiter can share more details about the range for a specific level during the hiring process. The actual salary within the range is determined by many factors including but not limited to, skills, experience, education, and internal equity.