Get to know us
eyeo is an open-source software company that builds products like Adblock Plus, Adblock Browser and Flattr. By leveraging distribution partnerships, we bring ad-blocking technology everywhere, giving users control over their online experience while offering creators, publishers and advertisers more ways to earn money for the free content they provide.
In combining our reach based on distribution partnerships and our own products, our technology runs on over 150 million devices.
At eyeo, we’re passionate about user agency, personal privacy, sustainability and keeping the web an open, fair resource for everyone.
How we work
eyeo colleagues are based all over the world. We practice agile and work in distributed, cross-functional teams that span nearly every timezone. Many of our tech teams prefer to work asynchronously.
What you'll do
Keep us safe, keep our users safe, keep our code safe.
Make eyeo’s products more secure and help develop this culture of security within the company.
After your morning coffee, you'll be expected to...
- Build, implement and maintain information security tools
- Automate security controls, create security reviews of software applications, and work on process and procedure improvements to reduce risk
- Understand and apply best practices with focus on Application Security in the SDLC
- Communicate security risks and solutions to business partners and IT staff
- Work closely with product and platform teams to implement, upgrade and monitor security controls and measures
- Provide coaching and support to the teams, including secure design, code reviews and tooling
- Assess current security posture and future architecture, providing a viable solution path to bridge the gap that balances security risks and product advancement.
Support the SecOps team in the following tasks:
- Response and remediaiion on active attacks on enterprise assets
- Risk assessment and Threat Modelling
- Internal pentest and 3rd party pentest
- Providing security guidelines to eyeo operations team, feedback on security policies, technical support on audits (Internal & External)
What you bring to the table...
- 3 years experience minimum C++, Java (preferably on android sdk)
- Familiar with OWASP Secure Coding Practices
- Strong preference for working experience with security tools, using static code analysis, dynamic code analysis, and 3rd-party library assessment tools
- Experience in Threat Modelling
- Bachelor's degree in Computer Science or related field or equivalent working experience
- Deployment (CI/CD) processes/concepts, REST API technology and methods and common security vulnerabilities and fixes
- Current understanding of industry security trends and emerging threats
- Knowledge and understanding in various disciplines: threat intelligence, IAM, key management systems, data security, application security, web application and browser security, security protocols, vulnerability management.
- Knowledge and understanding of attack surfaces
It's awesome, but not required, if you have...
- Experience in intrusion analysis and detection and can provide solutions
- Experience in ethical hacking, penetration testing or being a member of a red team.
- Familiarity with various cybersecurity-related frameworks and compliance standards (SOC 2, NIST, BSI, ISO 27001, etc.)
- Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, OSCP etc)
What we offer
- Chance to work from home or one of our offices —we trust you to find what works best for you
- Stipend for one of the following: home office, co-working space, or relocation
- Flexible working hours
- 28 days paid vacation
- Your choice of hardware and setup
- Personal and professional development budget
- Monthly child care stipend for children under 6
- Offsite team days and annual summer company retreats in Cologne
- Company-sponsored hackathons