Tinfoil Security, Inc.

Silicon Valley
11 - 25 Employees
< 10 Engineers
$1M - $2M Funding
Pre-Series A

We write tools that are used to secure the largest web applications and APIs in the world. If you've ever watched a video or streamed music online, your data has probably been secured by code we've written. To date, our software has found and fixed over two million security vulnerabilities on the web.

We hook security into CI and testing frameworks and have security tests run alongside unit, regression, and integration tests. Using the same techniques as malicious hackers, we systematically test all the access points. As we find vulnerabilities we’ll stick them right back in front of developers, either in a simple checklist format or by integrating into their issue tracker of choice, instantly notifying developers when there's a threat and giving step-by-step instructions, tailored to their software stack, to eliminate it.

We’re not limited by technologies or software stacks. Be it a website or API driven mobile app or IoT device, we can secure it.

Tinfoil Security, Inc. photo 1 Tinfoil Security, Inc. photo 2 Tinfoil Security, Inc. photo 3 Tinfoil Security, Inc. photo 4 Tinfoil Security, Inc. photo 5
Active Roles
Why join us?
  • We are profitable, are starting an exciting period of product growth and development, and have an amazing team culture.

  • We have a team of brilliant and diverse minds to collaborate with, comprised of individuals like MIT and Waterloo Alumni, to San Francisco based coding boot-camp grads. We've also won DEFCON CTF and countless other CTFs around the world.

  • We have insanely interesting and varied technical challenges; we have two products, one written in Ruby/Rails and another written in Elixir/Phoenix. You'll be exposed to a ton of different languages and stacks.


Engineering at Tinfoil Security, Inc.
Engineering team and processes

We are a small company so our engineering team is integrated with all aspects of the business (sales, support, marketing). On Mondays the whole company meets up to discuss the last week and any engineering priorities for the upcoming week. We then use a Kanban board to track tasks and when they're completed.

Engineers are responsible for designing, implementing, and testing their tasks. We often work collaboratively, but engineers are expected to be able to do some individual research before we decide on a course of action. We code-review and run code changes through our automated CI system, and we've built tooling to help simplify deployments to be a single click of a button away.

Technical Challenges

1) Building distributed systems that scale and reduce complexity

2) Security engineering and vulnerability discovery / exploitation

3) Using both OOP and Functional programming to solve problems

4) Focus on UI, usability, and design

5) Conceptualize, build, test, deploy - it's all your job!

Projects you might work on
  • Our customers had asked for a way to add two-factor authentication to better protect their accounts on our webapp. We researched the space and decided that we wanted to implement this as an extension to the Devise authentication library for Ruby on Rails. We implemented the ruby gem and released it as an open source library (https://github.com/tinfoil/devise-two-factor) — it's now in use by sites such as GitLab and is the most popular two factor solution for Rails.

  • Our security scanner can use login data to automatically try to log into a web application. If the scanner is unable to automatically figure it out or has to answer security questions we wanted a way to be able to teach the scanner how to perform these actions. We implemented a Chrome extension to record actions a user takes on a website and then our scanner can replay those whenever it needs to log in.

  • We wanted a way to be able to automate our deployments. We also used this opportunity to try out the Phoenix web application framework for Elixir (and Elixir itself). We built an internal webapp to manage services and deployment profiles, and keep track of what versions of software were currently deployed. It can run new deployments from docker images and now deploying any of our software is just a button-click away.

Tech stack
Ruby on Rails
Ruby
Elixir
Erlang
PostgreSQL
MongoDB
Javascript
Node.js
Go
Phoenix
Vue.js
GraphQL
TypeScript

Working at Tinfoil Security, Inc.

Culture is very dear to our hearts! We care a lot about our team and are passionate about fostering a healthy, inclusive and supportive work environment, where employees feel safe to express their voice and work on projects they are passionate about.

We are a highly talented and fun bunch of people, with unique interests to connect over, and filled with positive energy! We believe that the best work is done when great minds come together, and we encourage collaboration and pairing whenever possible. We are also passionate about learning! We encourage curiosity on our team and support trying new tools (or languages) when appropriate.

A day at Tinfoil Security is never boring and we are always looking for ways to be even better! :)

Generous Vacation

Tinfoil Security has an unlimited vacation policy (with manager approval).

Gym/Fitness

We will reimburse employees up to $80 a month for fitness memberships (traditional gym memberships, or non-traditional memberships such as rock climbing gyms or jujitsu lessons).

Health Insurance

We provide full medical, dental and vision insurance.

Flexible Hours

Office hours are very flexible, with our core office hours being between 11am and 3pm. This allows employees to plan their commute to work, or other appointments without stress. In addition, while the expectation is that employees work from the office, occasional work from home days for personal reasons are accommodated.

Pet Friendly

Until such a time that we have employees who are allergic to pets, we are pet-friendly, with manager/team approval! :)

Company Retreats

Once a year we go on a weekend retreat to somewhere fairly close to the Bay Area. The retreat is focused on team bonding, and we take time to re-evaluate our Company Values and to update them as a team if needed.

In addition to our weekend retreat, we also have an annual, week long WorkAway trip. This is exactly what it sounds like! We spend part of the trip working on projects, and part of the trip doing fun activities together as a team such as parasailing, or Escape Rooms! WorkAway is a much anticipated event on the team.

Work from Home

As mentioned in flexible hours, the expectation is that employees work from the office in general, however occasional work from home days are accommodated for personal reasons.

Philanthropic Contributions

Tinfoil will match up to $1000 of employee donations to 501(c)(3) charities registered with FirstGiving annually.

Workshops/Conferences

We attend RSA and DefCon annually, in addition to that we are open to attending other conferences on a case by case basis.

Beautiful Office

We have a bright, fun and open office space, with plenty of spots for you to nestle into a couch, or sit on the balcony if you need a change from your desk space. The office also has a great kitchen space, a hardwood smoker on the balcony, and is walking distance from restaurants, Starbucks, Peet's, Safeway, and Piazza's.

Free Food

While we don't provide meals for employees (except on rare occasions), there are snacks available for brain power! These range from sweet to savory, including mini candy bars, to popcorn/chips, to EasyMac.

Team Activities

Tinfoil Anniversary: On Tinfoil's anniversary we take the day off, and go do something fun together as a team (for example, windsurfing lessons)!

Tinfoil Fun Times: These are events that are periodically set up, and range to include everything from board game nights, to white water rafting, to Escape the Room's! These are not mandatory events, however they are always a lot of fun! :)

401(k) Contribution

We offer a matched 401k plan.


Interested in this company?
Skip straight to final-round interviews by applying through Triplebyte.

Apply