At 1Password, we build apps. Quite a few apps – apps for everyone. But 1Password itself is a security product, which means cryptography is our focus and we’re always making sure the data people store in 1Password is safe, even if an antagonist finds their way to it. Security is more than a feature. It’s not just our security architecture that keeps people safe, but also the security of the 1Password applications and how they are built.
As 1Password grows in popularity, the team is getting new folks each month as well. And everyone on the team learns about how we keep our customers’ data private and safe, as well as more formal policies. The security team makes sure all these policies are upheld across the board, and if someone on the team has a question, it gets answered in a way they can understand, even if they don’t understand the specifics of cryptography.
When CTOs and other folks approach us about using 1Password at their company, our (small) security team is ready to answer the questionnaires they send over. But our response time is slower than we’d like, so we’re adding someone new to the team. We also wish to better demonstrate to the world that we meet and exceed security and privacy expectations, and so we need to manage compliance and certification processes.
Our security team is responsible for a wide range of security tasks, so there's a place for you if you care deeply about the security and privacy of 1Password users, embrace learning new things, and help the team grow in an accountable way.
What you might do
- Bring a different perspective to our public and internal security documentation, and help us improve its usefulness for everyone.
- Review the 1Password source code for potential security issues and help the product teams correct them.
- Work with the support team to answer the more technical security questions and situations they encounter.
- Coordinate third-party risk and security assessments of 1Password.com and maintain relationships with those organizations.
- Create risk assessments, educational guidance, and best practice recommendations, including guidance for disaster recovery and business continuity planning.
- Dabble in pen testing. Not the writing kind, the “keep 1Password safe” kind.
What you have
- A deep commitment to the privacy and security of 1Password users.
- A confident understanding of cryptography: You can read the 1Password White Paper and explain many of its concepts to current or potential 1Password users.
- Adaptive explanatory skills that get people to understand, not just hear, what you're saying.
- An understanding that security is a process, which includes, among other things, squashing potential bugs before they become bugs.
- A love of learning.
What you might also have
- Personal experience with 1Password.
- A history with the acronyms HIPAA, SOC, GDPR.
- Experience with server-level security.
- Experience with developing or managing internal security procedures or training.