Bonfire.com is transforming the way people buy and sell high quality custom apparel. As a leading online fundraising site, we’ve helped thousands of causes and organizations raise millions of dollars by selling their own custom shirts.
We are looking to hire a Java Spring Developer. Don’t like HTML or CSS? Great! You will be working on our REST API and Angular frontend. HTML/CSS will be handled for you. We are looking for a long-term relationship and committed individuals to join our team.
This is a remote position. You have an amazing opportunity to join our fast growing platform and make it grow even faster.
We offer you outstanding team environment, low stress atmosphere, and an opportunity to advance your career by building amazing things on a modern tech stack.
Are you an expert in the inner workings of the FTP protocol or SFTP protocol? Would building a server that achieves perfect compatibility with the RFC while still managing to support buggy clients make you smile?
If so, we’d like you to learn about Files.com!
Files.com is one of the largest providers of commercial FTP and SFTP server hosting in the world. Our service was originally launched as BrickFTP, and even though we’ve grown beyond FTP in our service offerings, we have thousands of businesses that rely on our services 24/7 for reliable FTP and SFTP server hosting.
Our FTP and SFTP server code is primarily written in Java and leverages open source code from the Apache foundation (that we have considerably extended).
We’re looking for a rare unicorn who knows FTP and/or SFTP at a protocol level and knows Java to help us modernize our FTP and SFTP server code and implement many new exciting features.
As an FTP or SFTP server developer at Files.com, you’ll take ownership of our FTP and SFTP server code, helping us keep it modern, fast, and maintainable, while implementing exciting new features.
These codebases are currently written in Java, and we want applicants to be comfortable in Java, but we are also interested in rewriting these in more modern languages such as Go or Elixir, especially if we can leverage existing FTP or SFTP libraries.
In this role, you’ll work on the following things and more:
Keeping our SSH and TLS cryptography up to date, including integrating new ciphers and curating the list of approved ciphers for maximum security.
Ensuring that our FTP and SFTP server products are maximally compatible with the wide range of client software in the wild (even the buggy software).
Optimizing our FTP and SFTP servers for speed and throughput so our customers get the fastest server experience possible.
Integrating new features such as client-side encryption.
5+ years of directly applicable experience.
Deep understanding of the FTP and/or SFTP protocols at the protocol level. Having written an FTP or SFTP client or server in the past would be a strong indicator of this.
Strong Computer Science background and understanding of algorithms and data structures.
History developing and supporting actual applications that have seen production usage with a large userbase.
Complete understanding of how to write secure code and an awareness of common web application security vulnerabilities.
Solid experience with Java, ideally the new features in Java 8 and Java 10.
It's 2019 isn't it time to find a job that lets you work where you want?
Who Is Follow Up Boss?
We’re a simple, sales-focused CRM for real estate teams (and we use our own product)
We’re a self funded, profitable company started back in April of 2011
We’re a remote company with a mostly US-based team
We don’t just claim to be customer-centric - we live it: https://www.facebook.com/followupboss/reviews
Check out our video on how we work: https://www.followupboss.com/about/
Why Would You Want To Work Here?
We’re a young, ambitious company who only answers to our customers
Opportunity to have a big impact on our growth and your career
No red tape or pointless meetings
Competitive salary, health/dental insurance and 20 days paid holiday, $1000 to outfit your home office, yearly company meetup
This Role Is For You If…
You are passionate about Information Security and have solid experience in the field.
You would describe yourself as patient, empathetic and having a good sense of humour
You’re independent, self-motivated and can stay efficient and productive without someone looking over your shoulder all day long
Superb written and verbal skills (with a professional yet fun demeanor).
You enjoy programming and creating solid, tested, reliable things over just breaking things.
Reject the idea of security being a blocker, and enjoy collaborating with colleagues across teams to ship projects securely
Have the ability to work with others and helping them to understand security is far more important than knowing about the latest ROP gadget finding techniques.
This is a hands-on technical position where you will work with the Infrastructure and Product teams to ensure the secure release of applications.
Security architecture experience and the ability to consult with engineering teams working on technology projects will be key to success.
You have thorough familiarity with techniques used by real world attackers and should be able to prioritize detection and attack surface reduction efforts based on this knowledge.
Self motivated and proactive mindset.
Remote work experience is considered an asset.
Based in the USA, quiet home office with fast internet.
Strong experience in penetration testing or related activities, including at least network and application security experience.
Understand modern web application architecture, TCP/IP, HTTP, and standard network and system security technologies
A strong knowledge of securing production LAMP (PHP) stacks, as well as a solid understanding of iOS and Android apps is a must.
Strong knowledge of internet security issues.
Strong knowledge of UNIX and networking protocols.
Your responsibilities will include:
Take a leadership role in driving security and privacy initiatives at Follow Up Boss.
Establish, advocate and enforce security policies and best practices among our team members.
Lead efforts to keep our customers' data and company assets safe.
Review changes in internal processes and IT systems to make sure the changes being made don't have adverse effect on security.
Provide security guidance for our products and technologies
Collaborate with colleagues across a variety of teams to architect & ship projects securely
Discover, analyze, assess, and respond to various threats in Follow Up Boss's web stack, iOS and Android applications.
Investigate security-related reports from customers, internal team members or general public, assess risks and damage, plan recovery actions and lead the effort to execute the plan.
Review changes in software we produce to make sure we follow best security practices and the changes being made don't have a negative effect on security.
Evaluate and provide recommendations on third party applications and services and the security implications associated with their use.
Understand offensive techniques/tactics and be able to prioritize mitigation techniques or technologies accordingly.
Instrument and perform anomaly analysis of systems and applications
Ability to discover new and interesting security problems as well a fix them.
Mentor other team members.
30 Day Targets:
Become familiar with the product architecture, infrastructure, and existing tools.
Pair with engineers to gain knowledge about the system and how we work.
Improve the new hire onboarding process, by being a part of it.
60 Day Targets:
Take active part in the internal security related work (e.g. assessing company VPN, implementing AWS IAM security best practices, SSH + 2FA, etc)
Work with fellow engineers to ensure authorized access to internal tools, servers, and sensitive customer data.
90 Day Targets:
Identify top security issues and develop a solid plan to address them
Develop internal physical security policies.
Review and produce plan to comply with Google Compliance External Security Audit.
Our Core Engineering Values
Focus and Prioritization
If this sounds like a great fit we would love to hear from you.
We're not accepting applications from agencies.