Staff Software Engineer, Platform Security

More broadly, Discord is about empowering people to find belonging in all kinds of communities, and those people trust us to keep their communications safe. Our Platform Security Engineering team protects the systems we use to create Discord, making the "secure way" the "easy way."

We're looking for a Staff Engineer to advance this mission through security expertise, software development, and operational excellence. In this technical leadership role, you'll articulate and pursue the most leveraged opportunities to reduce security risk across Engineering, designing and building lovable "paved paths" for managing identities and access, shipping code, configuring cloud infrastructure, and operating services.

If you're a security engineer who's deeply curious, eager to own technically and socially complex projects, and excited to improve security and privacy at Discord, read on!

What you'll do

• Shape company-wide security strategy and lead software engineering projects on a highly-autonomous and horizontally-integrated team with a lot of leverage. This is a code-forward role!
• Develop and apply best-in-class secure baselines for cloud infrastructure.
• Secure first- and third-party software supply chains, from the dev environment through CI/CD and into production.
• Build and own identity and access management (IAM) systems that are user-friendly and promote least privilege.
• Manage infrastructure vulnerabilities while supporting rapid growth for Engineering.
• Consult on risk assessments, architectural designs, threat models, code reviews, and more-pragmatically balancing security with other business considerations.

Example projects

• Support IAM with scalable platform solutions (check out https://discord.com/blog/access-a-new-portal-for-managing-internal-authorization).
• Build tooling to prevent and address vulnerabilities across our infrastructure.
• Integrate service-to-service authentication and authorization into Discord's internal developer platform.

What we look for

• 5+ years of experience building and operating production systems or infrastructure
• 5+ years of experience writing software in a general-purpose programming language (we mainly use Python and Rust)
• 4+ years of experience securing systems with millions of users
• Experience mentoring junior ICs and leading technical projects involving multiple engineers and spanning multiple quarters
• Experience designing and building software for customers (internal or external) beyond your immediate team
• Experience securing cloud environments (e.g. GCP, Cloudflare, AWS)
• Experience defining and orchestrating containers (e.g. via Kubernetes, Docker, Distroless, OCI)
• Familiarity with build and CI/CD technologies (e.g. Terraform, Bazel, Buildkite)
• Understanding of modern authentication and authorization concepts (e.g. RBAC, OAuth, Zero Trust network architectures, mTLS)

Bonus points if you have…

• Developed and debugged distributed systems atop GCP and Cloudflare
• Led complex migrations or risk management programs across an engineering organization
• A system to discover industry tools that can multiply your team's impact
• Experience securing multi-cloud environments
• Built or operated a service mesh (e.g. Envoy, Istio)
• Managed and secured VMs or bare-metal hosts (e.g. Linux, Salt)

The US base salary range for this full-time position is $248,000 to $279,000 + equity + benefits. Our salary ranges are determined by role and level. Within the range, individual pay is determined by additional factors, including job-related skills, experience, and relevant education or training. Please note that the compensation details listed in US role postings reflect the base salary only, and do not include equity, or benefits.