Application Security Engineer

Summary

Join Fetch Rewards as a Security Application Engineer and bridge the gap between development, operations, and information security. You will play a vital role in ensuring the secure design, development, and deployment of applications across Fetch's technology landscape. Responsibilities include secure software development, application security assessments, security tools integration, threat modeling, incident response, training, and staying current with industry trends. You will collaborate with engineering and product teams, perform security testing, and integrate security tools into CI/CD pipelines. This role requires strong problem-solving, communication, and collaboration skills, along with experience in application security and relevant technologies. Fetch offers a competitive benefits package including equity, 401k matching, comprehensive health benefits, education reimbursement, employee resource groups, paid time off, robust leave policies, and a flexible work environment.

Requirements

• Strong problem-solving and critical thinking skills
• Excellent communication and ability to translate technical security findings into actionable insights for non-technical teams
• Strong collaboration and relationship-building skills to work effectively with developers, operations, and business stakeholders
• Ability to thrive in a fast-paced and agile environment, adapting to changing priorities
• Proficiency in programming languages such as Python or Go
• Strong understanding of secure coding practices and application security frameworks (OWASP Top 10, SANS CWE)
• Experience with static and dynamic application security testing (SAST/DAST) tools
• Hands-on experience implementing security in CI/CD pipelines (DevSecOps)
• Solid understanding of web application architecture (APIs, microservices, authentication mechanisms)
• Experience building and deploying security solutions in AWS or other cloud environments
• Familiarity with security automation tools
• Proven understanding of container security (Docker/Kubernetes)
• Knowledge of cloud platforms like AWS (IAM, security groups, encryption) and their security best practices
• Familiarity with penetration testing tools (Burp Suite, ZAP) and vulnerability management platforms
• JFrog xray, Github Actions
• Bachelor’s degree in Computer Science, Information Security, or a related field (or equivalent work experience)
• 3+ years of experience in application security or a related role

Responsibilities

• Collaborate with engineering and product teams to incorporate security principles throughout the software development process. This includes ensuring that security considerations are addressed during planning, design, implementation, and deployment stages
• Conduct and facilitate secure code reviews, analyzing code for vulnerabilities and providing actionable, prioritized recommendations for remediation
• Guide teams in implementing secure coding practices, such as input validation, proper error handling, and adherence to standards (OWASP Top 10, SANS CWE)
• Perform and consult on application security testing, including static analysis (SAST), dynamic analysis (DAST), and manual penetration testing of applications
• Identify and assess vulnerabilities, risks, and gaps in Fetch's applications. Work with developers to triage vulnerabilities and ensure timely resolution
• Develop and integrate security tools into CI/CD pipelines (DevSecOps) to automate security checks
• Maintain and enhance security tools, including SAST, DAST, and open-source vulnerability scanners
• Conduct threat modeling and security reviews of applications and systems
• Develop and communicate strategies for mitigating identified risks early in the development cycle
• Respond to security incidents involving application vulnerabilities
• Assist in root cause analysis, remediation planning, and implementation to prevent reoccurrence
• Educate and train developers and teams on secure coding practices, security frameworks, and emerging threats
• Foster a security-first culture, encouraging secure design and development practices
• Stay up-to-date with the latest application security tools, techniques, and threat landscapes
• Continuously improve security processes, practices, and tools based on industry standards and lessons learned

Preferred Qualifications

Relevant certifications such as CISSP, CEH, OSCP, GWAPT, or CSSLP

Benefits

• Equity for everyone
• 401k Match: Dollar-for-dollar match up to 4%
• Benefits for humans and pets : We offer comprehensive medical, dental and vision plans for everyone including your pets
• Continuing Education : Fetch provides ten Thousand per year in education reimbursement
• Employee Resource Groups : Take part in employee-led groups that are centered around fostering a diverse and inclusive workplace through events, dialogue and advocacy. The ERGs participate in our Inclusion Council with members of executive leadership
• Paid Time Off: On top of our flexible PTO, Fetch observes 9 paid holidays, including Juneteenth and Indigenous People’s Day, as well as our year-end week-long break
• Robust Leave Policies: 20 weeks of paid parental leave for primary caregivers, 14 weeks for secondary caregivers, and a flexible return to work schedule. $2000 baby bonus
• Flexible Work Environment: Collaborate with your team in one of our stunning offices in Madison, Birmingham, or Chicago. We’ll ensure you are equally equipped with the hardware and software you need to get your job done in the comfort of your home