Security Engineer

Sourcegraph (View all Jobs)


Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄

Interview Process

1. Tailored to the candidate, often consists of take-home work, discussion of real-world eng challenges, and product familiarity.

Programming Languages Mentioned

JavaScript, C


Who we are

Our mission at Sourcegraph is to make it so that everyone can code, not just ~0.1% of the population. Our code intelligence platform helps developers and companies with billions of lines of code create the software you use every day. By enabling more people to code, we believe we will create economic opportunity across the world and will drive progress that benefits everyone.

It’s an exciting time to join Sourcegraph. Our business is growing rapidly: we’ve experienced exponential growth and our $125M Series D from Andreessen Horowitz and $50M Series C from Sequoia have given us the opportunity to make big ambitious bets on our future. We have a huge market (every company that builds software) and massive opportunity (most developers haven't even heard of code intelligence yet, but once you've used it, you can't live without it--just like Google). By continuing to hire exceptional people, we have the opportunity to make Sourcegraph one of the biggest technology companies in the world.

Working hours

Given that we are an all-remote company and hire almost anywhere in the world, we don’t have a location requirement for this role. However, your working hours must overlap with Central Standard Time (CST) Monday to Friday. 

Why this job is exciting

As a Security Engineer, you will be part of our exceptional security team tasked with building world-class security into our product offerings by working on vulnerability management, dynamic testing and scanning, bug bounty programs, and security reviews for both application and infrastructure security. Proactively improve the security of our codebase, our product, our cloud, and our customers' on-premise deployments. 

Within one month, you will...

  • Contribute to the team's goals and deliverables for securing Sourcegraph, enabling customer to upload private code repositories
  • Discover, fix, and mitigate infrastructure vulnerabilities by updating libraries, base images, and analyzing containers
  • Enhance our security with audits, best practices, code fixes, and continuous education
  • Perform reactive incident response if a security event occurs

Within three months, you will...

  • Enhance our security measures and policies to support organizations on Sourcegraph managed instances
  • Work with other teams to triage, troubleshoot and mitigate customer concerns and questions about our security
  • Work together with your manager on a career plan with actionable goals

Within six months, you will...

  • Work with other teams and engineers to implement secure coding guidelines and best practices
  • Perform proactive research to detect new attack vectors
  • Perform threat modeling for existing and future applications 
  • Assess and integrate new tools and technologies to improve our operational efficiencies
  • Work towards compliance with SOC 2 & GDPR standards

About you

Equal parts engineer and security professional, you are excited about joining a team that is building a world class security system trusted by some of the biggest tech companies in the world.  You and your teammates are Sourcegraphs first line of defense against bad actors using all the newest and dirtiest tricks to hack us and (more importantly) our customers.  You want to be a part of the foundational team, the first steps we are taking to build something big, something trusted, something critical to software and our customers

Learn more about our team and our goals. Learn more about our company values and our guiding engineering principles.


  • You have practical experience securing SaaS applications including infrastructure security, application security, and compliance
  • You have experience using and automating a wide range of defensive security tools
  • You have experience developing software as an engineer (i.e., writing code and contributing directly to applications)
  • You have experience working across engineering teams to support secure coding across the organization.
  • You are high agency
  • You communicate effectively in writing and documentation


  • You have experience working in a startup or tech company environment
  • You have experience with Go, Typescript, Terraform
  • You have experience with Kubernetes, GCP
  • You have experience with on-premise deployments

Interview Process [~4.5 hours Total Interview]

Below is the interview process you can expect for this role (you can read more about the types of interviews in our Handbook). It may look like a lot of steps, but rest assured that we move quickly and the steps are designed to help you get the information needed to determine if we’re the right fit for you… Interviewing is a two-way street, after all!

  • Intro Conversation Stage - we have initial conversations to get to know you better…
  • Team Interview Stage - we then delve into your experience in more depth and introduce you to members of the team…
    • [45 min] Technical experience interview with Security team.
    • [45 min] Code walkthrough interview with Security team.
    • [30 min] Cross-functional team collaboration interview with design and product
  • Final Interview Stage - we move you to our final round, where you meet cross-functional partners and gain a better understanding of our business and values holistically…
  • And that’s it! Please note - you are welcome to request additional conversations with anyone you would like to meet, but didn’t get to meet during the interview process.

#LI-FA1 #Li-Remote 

Not sure if this is you?

We want a diverse, global team, with a broad range of experience and perspectives. If this job sounds great, but you’re not sure if you qualify, apply anyway! We carefully consider every application, and will either move forward with you, find another team that might be a better fit, keep in touch for future opportunities, or thank you for your time.

Learn more about us

To create a product that serves the needs of all developers, we are building a diverse all-remote team that is distributed across the world. Sourcegraph is an equal opportunity workplace; we welcome people from all backgrounds and communities. 

We provide competitive compensation and practical benefits to keep you happy and healthy so that you can do your best work.  

Learn more about what it is like to work at Sourcegraph by reading our handbook.

We want to ensure Sourcegraph is an environment that suits your working style and empowers you to do your best work, so we are eager to answer any questions that you have about us at any point in the interview process.

Go back to the careers page for all open positions.

Please mention No Whiteboard if you apply!
I'm a one-man team looking to improve tech interviews, and could use any support! 😄

Get weekly alerts of new jobs from companies not using whiteboard interviews!