Elixir Engineers @ Tinfoil Security

Hey Elixir Forum!

I’m an engineer at Tinfoil Security. We’re a small team of < 15 people who write automated security analysis tools. A lot of our codebase is in Elixir (though we still have a lot of Ruby), and we’re hoping to hire at least one or two engineers by early 2017. I’ve copied our big formal job posting below, but feel free to ask me any specific questions here, and I’d be happy to help!

If you’re interested, either ping me on here, or reach out at shane@tinfoilsecurity.com

At Tinfoil Security we’re working to make the internet a more secure place. We write tools that are used to secure the largest web applications in the world. If you’ve ever watched a video or streamed music online, your data has probably been secured by code we’ve written. To date, our software has found and fixed over one million security vulnerabilities in the web.

You’ll work on anything from distributed systems to static analysis or information architecture. This means building things that have never been built before: you’ll need to quickly learn new concepts and apply them to your work. We value speed, but we value stability more. We also do a lot of web development, but we spend most of our time working to automate web application and web API security assessments.

Our software stack is primarily Elixir, Ruby, and Go, but we’re advocates of choosing the best tool for the job. If something like Elm is going to help you solve a problem more effectively then we want you to convince us of that.


  • A drive to learn and push your limits
  • An interest in security and an appreciation for privacy
  • Passion. We don’t care in what, but we want you to make us excited about something you care about
  • A pride in your work. We treat our work as a craft, and aren’t done with a new feature until we’re proud of it

Bonus Points:
Experience in:

  • Elixir or Erlang
  • Ruby or Ruby on Rails
  • Javascript, Coffeescript, etc
  • Knockout.js, React, etc

Exposure to security concepts like:

  • Web Vulnerabilities (XSS, SQLi, CSRF, etc)
  • Cryptography

DevOps Experience:

  • We use Docker and CoreOS
  • You’ve built and launched a project from start to finish
  • Our engineering team is also our Ops team. We want people who aren’t afraid to get their hands dirty

Our office is located in Mountain View, CA: https://www.tinfoilsecurity.com/go/office.

There are parking spaces available, and we’re near the Caltrain and bus stops. Unfortunately we can only accept on-site employees at this time, but we’ll do whatever we can to help you find housing.


I think some info on your interview process would help :slight_smile:

1 Like

Good question :slight_smile:

We tend to start with a 30-minute “getting to know you video call”. We’ll talk about your experiences, answer any initial questions you have, and start with a small coding question (i.e. not “re-derive some crazy-complicated graph traversal algorithm we’d expect you to be able to Google if you needed it”).

From there we’ll follow-up with a longer interview, usually about an hour or so long, where we’ll work through a more complicated problem. The problem is usually something we’ve had to solve in the past, and we’re mostly looking to see how we work together and what your thought process is like. There’s no correct answer, and we want it to be more collaborative than anything.

After that, our CEO just likes to hop on one final call, to get a better feel for what you’re looking for out of a job, and to make sure any final questions or concerns you have are addressed.

We’re happy to work through the process as quickly or slowly as you’re comfortable with, keeping in mind that we’re hoping to have the position filled by mid-to-late January of 2017.

This will be our first time hiring a full-time engineer in a while, so I don’t know whether we’re planning to change things up a little bit, but that’s what the process looked like when I joined about two years ago. I do suspect that at some point we’ll want to fly you down to the office to meet the whole team.

1 Like

Nice to see a new job offer for elixir enthusiasts!
Unfortunately, UK/USA is at the moment unattainable for me (I reside in small town in Poland).

I’m writing about my passion by big P, A, S, S, I, O and N chars with lots of info about Elixir and more :smile:.
I know:

  1. Elixir, Phoenix, Ecto
  2. Ruby, Ruby on Rails, devise and lots more gems
  3. HTML (also HTML5), CSS3, JavaScript, CoffeeScript

I also read and modify basic examples in lots of languages (for example, C/C++/D/Groovy/Java and more - ok, now I can’t write from mind simple example for all, but I know them, learned graphic libraries usage and bugged some windows :smile:), so learning new things is not so hard for me (except advanced English like learning Assembler - yes I learned it and I created simple windows in GTK+ and changed their icons, but only followed by tutorial in my primary language; I don’'t have any problem using Elixir docs/tutorials - also for external libraries).

I have 0 knowledge about security (I mean writing own libraries). I read about lots of algorithms, so Diffie–Hellman definition is not foreign to me, but don’t expect from me example program that uses it or library that can provide this, but I’m also interested in this topic (like a hundred others, so I don’t have time for all :smile:).

I wish you lots of great CV’s and further successes.

1 Like

Thank you for very thorough walk through. [quote=“QuinnWilton, post:1, topic:2670”]
but we’ll do whatever we can to help you find housing
[/quote] looking at rent prices in Mountain View this seems like an important point :slight_smile:

1 Like

Tinfoil was one of the first (the first?) service for Microsoft Azure that had vulnerability checking for Azure App Services I believe? That looked really cool! :sunglasses: (Alas, I never got to try it out since I moved ibGib code from Xamarin to Elixir Html5 though).

Any (remote :wink:) possibility of remote + part-time work? I have experience with the ridiculous STIGs/NIST/HP Fortify world from a couple years as an Air Force contractor, but my “Passion” is ibGib (site and GitHub) which I have a hard time stepping away from. Incidentally, ibGib is exploring an interesting approach to security focusing on immutable data, IoT, and authentication, “open-sourcing” data much like open-sourcing code. But I digress (frequently)… :eyes:

1 Like

Hello, Tinfoil/Shane. I heard about your service in September on the Security Now podcast (episode 578, 1:59:45 in), and Steve Gibson was “incredibly impressed”. I’ll try a scan out soon. :slight_smile:

Security is definitely interesting to me, but I’m currently more of an HTML/CSS person than a programmer (something I hope to change by learning more about functional programming and Elixir), so I won’t be applying. (Unless you’d also like to look at updating your website? :smiley: ) All the best with finding and working with new engineers.

1 Like

Thanks Eiji! Feel free to reach out if you’re ever in a position where you’re able to move to the USA; your excitement is refreshing :slight_smile:

1 Like

Yep, we were (and still are?) the first official security scanner for Azure! It’s a blackbox scanner, so you’re actually able to run us against the Elixir version of ibGib using our non-Azure offering.

Unfortunately we aren’t yet able to support remote workers, but if your situation ever changes, we’d love to hear from you :slight_smile:

1 Like

Hey David! That’s cool that you heard about us on Security Now! I’m surprised at how much exposure that podcast got us. Let me know if you run into any issues setting up your account, and I’d be happy to help.

If you’re interested, you should shoot your resume / portfolio / whatever you want over to me or jobs@tinfoilsecurity.com anyway. Right now we’re hoping for more of a generalist engineer than a frontend person, but I strongly suspect we’ll need someone on the design side of things soon™.

1 Like