- Posted 21 June 2021
- LocationSan Francisco
- DisciplineCyber Security
- Contact NameStuart Mitchell
As an Application Security Engineer you’ll be joining a team responsible for building a best-in-class security program from the ground up. Our focus is on providing value to the organization by emphasizing real world security and embracing automation to keep up with the company as we experience hypergrowth. We’re looking for engineers who are excited to apply their expertise to our mission of securing some of society's most sensitive data
YOU MIGHT WORK ON
Partnering with both the Product Design and Software Engineering organization's security and privacy initiatives, leading security design reviews, and threat modeling.
Performing black-box and grey-box penetration testing of our own and partners’ services.
Performing code reviews of our own and partners’ services and apps including SaaS, PaaS, and mobile.
Researching new attack vectors and techniques relevant to our space and present findings to both internal and external audiences.
Collaborating with engineers on the best ways to mitigate vulnerabilities and reduce risk.
Participating in our incident response and vulnerability remediation efforts.
Integrating external and internal security tools and automation into development and build environments
Developing lightweight SDLC processes to embed into Product Design and Software Engineering workflows.
Develop secure coding practices and train engineering teams.
Interface with customers’ security teams when they are scoping and performing security assessments.
Helping to rapidly scale our team. As a member of the security team, you'll be an integral part of how we mature our own tooling, best practices, engineering processes, and hiring.
5-10+ years work experience in an application security or product security role including experience with code reviews, pentesting, and ideally threat modeling.
Strong communicator with the ability to translate technical security requirements and risks into terms that anyone can understand
In-depth experience finding AND fixing web application security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
Strong, general knowledge of the browser security model, modern network security, and cloud (AWS ideally) security.
Experience with vulnerability management and risk assessment processes.
Technical leadership skills; you enjoy being a tech lead, mentoring technologists, and evangelizing security and privacy
Comfortable with complexity in the short term but can build towards simplicity in the long term