<aside> 👋🏽

As a candidate, it can be surprisingly difficult to learn what the job you’re applying for actually entails! I hope the detail we’ve put into this job posting helps you get some clarity about our company, product, team, and the role. – Sumeet Jain, Head of Engineering

</aside>

➡️  Overview | The Role | “A week in the life” | Compensation | The Company | Interview Process

Overview

• We’re looking for engineering leaders to manage established teams of Senior+ engineers (folks like Manuel, Linna, Madi, Julian, and Mark).
• We have several open reqs and need EMs across the entire department: Product Engineering, ML & Agent Development, Integrations, Async Processing, Dev Platform, Costre Infra, MQL, and more.
• Whether you want to specialize or keep regular exposure to a wide array of domains, It’s still early enough here that — if our team and company sound interesting — I’m confident there’ll be be a place here for you.
• We don’t have levels in Engineering. We’ve hired EMs who were previously first-time managers, and also EMs who were Heads of Engineering. If you’re interested in building the company with us and then shaping your scope as we scale up, you’ll fit right in. The need for a Senior leadership layer will emerge this year.

What We Do

<aside>

If you haven’t already, check out https://sublime.security/. What follows is a slightly more technical description.

</aside>

Our flagship product is a message processing pipeline that runs detection rules written in MQL — "Message Query Language", our first-party DSL for querying email messages. This core function protects organizations from phishing. The Sublime Security platform monitors and analyzes all incoming email for an organization's employees, flagging suspicious messages for the security team to triage.

Here’s a conceptual view of how a rule is processed and what a flagged message looks like in our UI:

Behind MQL for writing detection rules are ML classification models, external services, functions like WHOIS lookup, headless browsing, and more.

Our systems handle large datasets and perform inherently complex and resource-intensive operations. However, our core competency—detecting and remediating attacks—requires extremely low latency. As a result, we have very little tolerance for performance degradation.

We can host a customer’s Sublime instance, or they can deploy our entire product stack on their own infra via AWS CloudFormation on ECS or Azure Resource Manager on Kubernetes via AKS. This diversity of deployment type adds some complexity to our development lifecycle. Our goal is to consolidate our infrastructure setup to make it easy for users to deploy Sublime in any environment.

Why is this important?

Phishing is a means by which an attacker gains access to something they shouldn’t have access to. Think about what inappropriate access could mean to your past employers, your state government, or to non-profit organizations you care about. The impact from real phishing attacks includes:

• disrupting coronavirus research
• impacting a US presidential election
• damaging a country’s national defense

What you’re signing up for