Security Engineer

Get to know us

eyeo is an open-source software company that builds products like Adblock Plus, Adblock Browser and Flattr. By leveraging distribution partnerships, we bring ad-blocking technology everywhere, giving users control over their online experience while offering creators, publishers and advertisers more ways to earn money for the free content they provide.

In combining our reach based on distribution partnerships and our own products, our technology runs on over 150 million devices.

At eyeo, we’re passionate about user agency, personal privacy, sustainability and keeping the web an open, fair resource for everyone.

How we work

eyeo colleagues are based all over the world. We practice agile and work in distributed, cross-functional teams that span nearly every timezone. Many of our tech teams prefer to work asynchronously.

What you'll do

Keep us safe, keep our users safe, keep our infrastructure safe. 

Make eyeo’s products more secure and help develop this culture of security within the company.

After your morning coffee, you'll be expected to...

• Ensure infrastructure and endpoints are secure including but not limited to:
  • Performing secure configuration error discovery
  • Performing threat hunting, vulnerability and patch management
  • Implementing and managing secure network architectures
  • Ensuring operating system hardening
• Establish a holistic view of the organization’s attack surface and possible risk
• Perform logging, monitoring, alerting and log analysis on eyeo assets
• Design, implement and manage information security and anomaly detection tools
• Perform risk assessment, internal penetration tests and manage 3rd -party penetration tests
• Ensure secure identity and access management
• Provide security guidelines to eyeo operations team, feedback on security policies, technical support on audits (internal & external)
• Participate in incident management
• Identify, respond to and remediate active attacks

What you bring to the table...

• Experience in intrusion analysis, detection and incident response
• Experience in ethical hacking or penetration testing.
• Advanced knowledge and understanding in various disciplines: threat intelligence, IAM, key management systems, data security, application security, web application and browser security, security protocols, operating system internals and hardening, network security, vulnerability management.
• Knowledge and understanding of attack surfaces for enterprise infrastructures, systems and services
• Knowledge and understanding of network devices, multiple operating systems (e.g. Windows, Linux, OS X, Android), and secure architectures
• Familiarity with various cybersecurity-related frameworks and compliance standards (SOC 2, NIST, BSI, ISO 27001, etc.)
• Ability to code in one or more general purpose languages

It's awesome, but not required, if you have...

• Affinity for open source
• Knowledge of correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
  Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, OSCP etc.)

What we offer

• Work from home or one of our offices —we trust you to find what works best for you
• Stipend for one of the following: home office or relocation
• Flexible working hours
• 28 days paid vacation days
• Your choice of hardware and setup
• Personal and professional development budget
• Monthly childcare stipend for children under 6
• Offsite team days and annual summer company retreat in Cologne
• Company-sponsored hackathons

Privacy Notice

When you apply, you’ll be automatically forwarded to our recruitment platform operated by an external service provider called Greenhouse (seated in the US). Greenhouse collects some information on its website, such as anonymous usage statistics, by using cookies, server logs, and other similar technology. For more information, please refer to Greenhouse’s Privacy Policy. All documents and information provided by you are stored with Greenhouse. In order to ensure an adequate level of data protection, eyeo and Greenhouse have entered into the EU Standard Contractual Clauses (“processors”) - Commission Decision C(2010)593. You can request a copy of this by contacting us at privacy[at]eyeo.com. If you don’t want your data forwarded to Greenhouse, please do not apply. For detailed and further information, please refer to our Privacy Policy at https://eyeo.com/en/privacy.

Deadline for applications: 19.09.2021.