Reciprocity is changing the information security (InfoSec) landscape by providing companies an easy-to-use solution for managing compliance. Our team is made up of forward-thinking veterans ready to disrupt the security market, adding talented leaders ready to make legacy enterprise applications a thing of the past.
Our product platform, ZenGRC, is being deployed by some of the world’s leading enterprises such as Workday, Stripe, Airbnb, Alaska Airlines, and Novartis.
Our vision is to deliver a simple SaaS solution for managing compliance, risk, and info-sec related initiatives to large and small enterprises alike, enabling companies to gain faster time-to-value. And you, as a product marketing leader, will play an important part in shaping this future.
We have seen strong revenue growth this year, recently closed $10m in funding, and we're deploying that capital into Engineering, Product, Sales, and Customer Success. Our big push this year is in third party integrations and eventually building a third party developer program.
We have a diverse and international team. We have 15+ engineers in Ljubljana (Slovenia) in a beautiful office overlooking Tivoli park. Everyone is treated as an equal, and we have regular team offsites and visits between offices to establish rapport and real connections between coworkers.
We're in an industry that is seeing a growth in complexity. Compliance teams have historically used spreadsheets to manage and keep track of the state of their compliance. The next stage is using a tool like ZenGRC (our software) to get them off spreadsheets. The next stage in the evolution of compliance is real-time compliance, driven by integrations with systems such as log aggregators (e.g., Splunk), firewalls, and cloud compliance monitors (e.g., Threatstack, AWS)
It is becoming more common to see companies start viewing the state of their compliance and infosec risk programs as differentiators.
My team is the SRE and Data Engineering team. Today we are three (including myself). We work with the core engineering team (15-20, we're growing too fast to keep track!).
General principles and processes we adopt across all engineering: - Deployment manifests (Kubernetes) are checked into git, and deployment changes are code reviewed - We release multiple times per week, and run integration tests (< 5 minutes) on every PR and merge commit - We have decoupled major feature releases from code deploys by feature flagging (we use Launch Darkly to manage feature flags)
Adopting GitOps: (https://www.weave.works/technologies/gitops/). We use Kustomize with Kubernetes and are exploring projects such as Argo CD, Weaveworks Flux, and Spinnaker.
Automation: To support Continuous Deployment, we are striving to make it easy (and automated) to roll back failed deployments.
Observability and Monitoring: We use DataDog for aggregating all our logs, and application and infrastructure metrics.
Data Architecture and Customer Analytics: We have a fairly simple data aggregation backend now that surfaces data to our Product and Engineering team via Periscope Analytics. We plan to re-architect and improve the backend infrastructure to support historical data analyses and more data sources.
Many other small projects that require a mix of software development: - CLI tools for AWS, SSH, and Kubernetes access. An example of an open source project we have forked is https://github.com/gini/dexter - Configuration management tooling, http://github.com/reciprocity/confd
The ultimate goal is to make engineering as a whole take ownership over day 2 operations of software, by giving them the tools, dashboards, and confidence to deploy changes quickly and safely.
You could own the back-end infrastructure that drives our BI platform (we use Periscope and a Redshift data warehouse). A unique challenge is that we have 100s of single tenant databases for each customer deployment; we have to aggregate this data into a single data warehouse. We need to re-architect v2 of the data pipeline for this project.
Own the architecture for v1 of streaming data infrastructure. As we push toward third party integrations (e.g., Splunk, AWS Cloud Compliance, Slack), we'll start dealing with batch and real-time data ingress and egress.
Develop productivity tooling. We have a number of non-portable Bash and Python scripts that we'd like to consolidate into a single project. We've been ramping up our proficiency in Go, as it is a very useful way to distribute a single binary that can be cross-compiled for multiple platforms (we have developers on both MacOS and Linux).
We have been successfully and smoothly running our production software on Kubernetes for well over a year now. We're targeting multi region (multi cluster) deployments next year. We're looking toward building the
gluesoftware that runs in the clusters to keep things stable and support our Continuous Deployment initiatives.
We don't track vacation days. We're strongly influenced by the work ethic of our European office, and so we take vacation and unplug time seriously.
We have a $70/month stipend for any fitness or health related activity
We travel regularly to our head office (SF) and our European office in Slovenia. We expect to have an office in Buenos Aires, soon.
I try to get the team together at least twice per year. This year I visited the team in Ljubljana and we had an offsite and hackathon on the coast in Portorož. We'll be going to the Dash Conference in NYC in July, https://www.dashcon.io
As a distributed team, especially in different time zones, we all operate on a fairly flexible schedule. We make strong use of tools such as Confluence (internal blog posts), Slack, JIRA, and Status Hero to effectively communicate when we can't face-to-face over a Zoom call.
Interested in this company?
Skip straight to final-round interviews by applying through Triplebyte.