Get to know us
eyeo is an open-source software company that builds products like Adblock Plus, Adblock Browser and Flattr. By leveraging distribution partnerships, we bring ad-blocking technology everywhere, giving users control over their online experience while offering creators, publishers and advertisers more ways to earn money for the free content they provide.
In combining our reach based on distribution partnerships and our own products, our technology runs on over 150 million devices.
At eyeo, we’re passionate about user agency, personal privacy, sustainability and keeping the web an open, fair resource for everyone.
How we work
eyeo colleagues are based all over the world. We practice agile and work in distributed, cross-functional teams that span nearly every timezone. Many of our tech teams prefer to work asynchronously.
What you'll do
Keep us safe, keep our users safe, keep our infrastructure safe.
Make eyeo’s products more secure and help develop this culture of security within the company.
After your morning coffee, you'll be expected to...
- Participate in incident management
- Identify, respond to and remediate active attacks
- Perform logging, monitoring, alerting and log analysis on eyeo assets
- Design, implement and manage information security and anomaly detection tools
- Ensure infrastructure and endpoints are secure including but not limited to:
- Performing secure configuration error discovery
- Performing threat hunting, vulnerability and patch management
- Implementing and managing secure network architectures
- Ensuring operating system hardening
- Establish a holistic view of the organization’s attack surface and possible risk
- Perform risk assessment, internal penetration tests and manage 3rd -party penetration tests
- Ensure secure identity and access management
- Provide security guidelines to eyeo operations team, feedback on security policies, technical support on audits (internal & external)
What you bring to the table...
- Experience in intrusion analysis, detection and incident response
- Experience in ethical hacking or penetration testing.
- Advanced knowledge and understanding in various disciplines: threat intelligence, IAM, key management systems, data security, application security, web application and browser security, security protocols, operating system internals and hardening, network security, vulnerability management.
- Knowledge and understanding of attack surfaces for enterprise infrastructures, systems and services
- Knowledge and understanding of network devices, multiple operating systems (e.g. Windows, Linux, OS X, Android), and secure architectures
- Familiarity with various cybersecurity-related frameworks and compliance standards (SOC 2, NIST, BSI, ISO 27001, etc.)
- Ability to code in one or more general purpose languages
It's awesome, but not required, if you know about...
- Affinity for open source
- Knowledge of correlation and trend analysis of security logs, network traffic, security alerts, events and incidents
Certifications related to security (such as Security+, GSEC, GCIH, GCIA, CISSP, NCSF, OSCP etc.)
What we offer
- Work from home or one of our offices —we trust you to find what works best for you
- Stipend for one of the following: home office or relocation
- Flexible working hours
- 28 days paid vacation days
- Your choice of hardware and setup
- Personal and professional development budget
- Monthly childcare stipend for children under 6
- Offsite team days and annual summer company retreat in Cologne
- Company-sponsored hackathons