About Us
Chess.com is one of the largest gaming sites in the world and the #1 platform for playing, learning, and enjoying chess.
We are a team of 600+ fully remote people in 60+ countries working hard to serve the global chess community. We are here to support 185M+ chess players worldwide with the best possible product, content, and tools to serve the community!
We are a tech company. A gaming company. A content company. And we do it all with passion and commitment to the game. Above all we prize our mission-driven, flat, life-celebrating, no-corporate culture, and we look forward to meeting you and learning more about what you can bring to the team.
About You
You are experienced, resourceful, and tactical in your abilities to identify, own, and solve problems. You have experience in cybersecurity and expert-level quick-thinking abilities to foresee issues before they arise. You are humble and both a learner and a teacher, depending on the situation. You are comfortable in a remote-first environment, communicating in a kind and professional manner via slack, and frequently posting updates in public channels keeping everyone aware of your efforts and progress. You have a strong desire to turn your talents towards chess!
What you'll do
- Triage, reproduce, and assess vulnerabilities submitted through the Bug Bounty Program, and work with the Engineering Teams to close the discovered gaps.
- Work closely with the Engineering Teams to perform Threat Models of their solutions, acting as a security advisor when appropriate, and ensuring designs are vetted and adhering to security industry standards.
- Review Penetration Testing results and SIEM reports. Translate the findings into actionable tasks in Jira and track them to completion.
- Apply updates to the WAF and various other security systems where applicable, and/or support the Engineering Teams to address findings.
- Evaluate security software and systems used by the company. Attend product demos to help determine the best solution for our company. Lead these efforts from beginning to end.
- Act as a security expert, guiding developers and projects to ensure security best practices.
- Be a security advocate in Slack and Zoom meetings. Proactively joining slack conversations to represent Security and provide guidance. We rely heavily on Slack for communications, so you should be comfortable with that, and a very active contributor within the Slack workspace.
Preferred Skills
- 3+ years professional experience in web application security
- Strong written communication skills in English
- Familiarity with Burp Suite or similar tools for viewing and tampering with web requests
- Prior experience with a Bug Bounty program is a plus
- Experience in Python, PHP or JS
- Strong collaboration and communication skills working in a fully distributed team primarily using Slack and some Zoom meetings
- Programmer mindset. We prefer to automate software that defends our systems.
- Sense of ownership and responsibility
- Chess player
- Lifelong learner
About the Opportunity
- This is a full-time opportunity
- We are 100% remote (work from anywhere!)
- This role is open to candidates from anywhere!
---
You can learn more about us here: