Sr Application Security Engineer

Posted 06 April 2022
Salary $160-200k base plus RSU's
DisciplineCyber Security
Contact NameStuart Mitchell
Remote working Remote

Job description

Cloudbeds is the hospitality industry's fastest-growing technology provider for independent hotels, hostels, vacation rentals, and hotel groups. Our award-winning Cloudbeds Hospitality Platform is currently helping a growing clientele of 22,000+ properties in 157 countries to increase revenue, streamline operations, and deliver memorable guest experiences.

Behind the Cloudbeds platform is a growing team of 500+ employees distributed across 40+ countries speaking 30+ languages. From data architects to UX designers, integrations managers to payments experts, former hotel managers to former OTA executives, our team comprises the brightest minds in technology and hospitality working to solve the industry’s biggest challenges.

From the beginning, we've believed that our people are our greatest asset, so we've founded the company as #RemoteFirst, #RemoteAlways with shared core values that allow our team to thrive. This means we:

  • Hire the best people wherever they're located;

  • Emphasize the value of results over hours put in;

  • Provide flexibility in working hours and locations;

  • Foster an inclusive environment that celebrates bold thinking and diverse perspectives;

  • Offer open vacation policies, free LinkedIn Learning, and other benefits that promote well-being and professional development.

Together we're on a mission to power every property in the world and to do that, we need to find the best talent in the world. That's why we're on the search for a superstar Senior Application Security Engineer.

As a Senior Application Security Engineer at Cloudbeds, you will help to further secure our applications and customer data from quickly global and growing cybersecurity threats. You will leverage your experience as a developer, engineer, and security specialist to help identify potential threats and determine remediation strategies. You will help define security standards across our applications and serve as a security consultant to our product and engineering teams.  You will maintain an understanding of and defend against the latest threats. As a Senior Application Security Engineer at Cloudbeds, you will play an important role in our delivery of an exceptional experience to our customers all around the world with security at top of mind.

Location: Remote - US/EU

What You Will Do:

  • Become a security expert for multiple products and act as a software engineering security point of contact. 

  • Play a pivotal, hands-on role as a security-focused software engineer, shaping our product security and helping keep Cloudbeds safe. 

  • Contribute as a hands-on security-focused software engineer, making security-related improvements to our product’s source code, preparing fixes, creating pull requests, etc. 

  • Work directly with our security, IT, product, and engineering teams to implement security best practices across our applications, especially a “shift left” approach to application security

  • Provide product and application security related coaching, mentoring, and training to elevate security expertise of development teams

  • Identify application security requirements, and define reference security architectures and designs

  • Identify any existing software security gaps, and build and implement mitigation strategies

  • Perform code analysis, application security reviews, threat modeling, and assist in building an Application Security training program

  • Secure our Software Development Life-Cycle by participating in and improving security-related phases of the cycle.

  • Maintain an understanding of the latest cybersecurity threats and implement best practices for protection.

  • Support and contribute to internal security policies and processes to ensure company and employee data are secure.

  • Act as a first-responder for security-related incidents.

You’ll Succeed With: 

  • Bachelor’s degree in Computer Science or a related technical field.

  • 3+ years experience as an Application Security Engineer

  • 5+ years experience in information security

  • 7+ years experience in IT.

  • Strong experience with designing, developing, implementing and/or customizing application authentication and authorization systems

  • Strong understanding of the OWASP Top 10 application security risks, and how to address them

  • Strong experience with web application security scanning software (DAST, SAST, IAST, etc.) and testing tools (Snyk, Veracode, Checkmarx, SonarQube, etc.)

  • Knowledge of application security frameworks, such as the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), and/or Building Security In Maturity Model (BSIMM)

  • Hands-on experience with encryption mechanisms, hashing, secure random number generation, key derivation and management, digital signatures, etc. 

  • Strong experience with Continuous Integration (CI) tools.

  • Strong knowledge of threat modeling and risk assessment techniques.

  • Experience implementing application security controls in a PCI compliant software development environment.

  • Experience working within an Amazon Web Services (AWS) infrastructure

  • Exceptional written and verbal communication in English.

  • Ability to work remotely and manage your own time in a global team.

Nice to Haves:

  • Applicable application security related certifications (CISSP, CSSLP, GWAPT, Security+, etc).

  • Experience participating in security-related roles within the SDLC.

  • Experience securing microservices or Service-Oriented Architectures (SOA).

  • Experience securing REST and GraphQL APIs.

  • Experience supporting compliance efforts.

  • Experience programming in PHP, Perl, or Javascript.

  • Experience working with Atlassian products (JIRA, Bitbucket, Confluence).

Our company culture supports flexible working schedules with an open Paid Time Away policy and gives all team members the opportunity to travel and work remotely with great people. If you think you have the skills and passion, we’ll give you the support and opportunity to thrive in your career. If you would like to be considered for the role, we would love to hear from you!

Company Awards to Check Out! 

  • Fastest Growing Companies | Inc. 500 (2018 & 2019) 

  • Best Places to Work | Inc Magazine (2017 & 2018)

  • Best Places to Work | HotelTechReport (2018, 2019, 2020, 2021)

  • Best Property Management System | HotelTechReport (2021, 2022)

  • Best Hotel Management Software  | HotelTechReport (2022)

  • Start-Ups to Watch | Forbes (2018)

  • Best Startup Employers | Forbes (2020, 2022)

  • Technology Fast 500 | Deloitte (2019, 2020, 2021)

  • Top 100 North America | Red Herring (2020)

  • Connect MIP Award (Technology)