Application Security Engineer

Included Health

💵 $120k-$202k
📍 Remote - Worldwide

Job highlights

Summary

Join our team as a thoughtful and unusually responsible Application Security Engineer to help advance our mission of mitigating risk within our engineering environment by implementing strategic security measures.

Requirements

  • A bachelor’s degree in a related discipline or equivalent professional experience
  • At least 4 years acting in an Application Security Engineer role with progressive responsibility
  • Strong experience integrating and managing DAST, SAST or IAST, and SCA tools, and an understanding of how these feed into Vulnerability Management initiatives
  • Understanding of how scanning tools, penetration tests, and post-deploy scanning tools work together in the application security lifecycle
  • Deep, hands-on experience implementing AppSec tools into a DevOps pipeline
  • Solid understanding of application security issues, risks, and mitigation strategies
  • Experience developing and refining Secure SDLC documents and processes
  • Experience building and leading Information Security training focused on developers and based on OWASP principles
  • Experience assessing and securing open-source software components
  • Strong interpersonal, verbal, and written communication skills, with proven experience collaborating across different engineering areas
  • Deep knowledge of containers and orchestrators, and hands-on experience with securing and monitoring CI/CD pipelines
  • Understanding of Go, Python, Java, and JavaScript code, and their common security flaws

Responsibilities

  • Embed security practices into the software development lifecycle, ensuring that security is considered at every stage, and implemented as a self-service capability wherever feasible (shift-left)
  • Develop and maintain automated security tools and scripts to identify and remediate security vulnerabilities in code and infrastructure
  • Perform security code reviews and static/dynamic analysis to identify vulnerabilities in applications written in JavaScript, Go, and Python
  • Work closely with Engineering and IT teams to promote security best practices and provide guidance on secure coding standards
  • Assist in the investigation and response to security incidents and vulnerabilities, providing technical expertise and recommendations
  • Stay up-to-date with the latest security trends, vulnerabilities, and tools, and continuously improve the security posture of our applications and infrastructure
  • Create and maintain comprehensive security documentation, including policies, procedures, and guidelines
  • Act as a security consultant on secure software development practices, and provide hands-on training and coaching for Developers

Benefits

  • Remote-first culture
  • 401(k) savings plan through Fidelity
  • Comprehensive medical, vision, and dental coverage through multiple medical plan options (including disability insurance)
  • Full suite of Included Health telemedicine (e.g. behavioral health, urgent care, etc.) and health care navigation products and services offered at no cost for employees and dependents
  • Generous Paid Time Off (
  • 12 weeks of 100% Paid Parental leave
  • Up to $25,000 Fertility and Family Building Benefit
  • Compassionate Leave (paid leave for employees who experience a failed pregnancy, surrogacy, adoption or fertility treatment)
  • 11 Holidays Paid with one Floating Paid Holiday
  • Work-From-Home reimbursement to support team collaboration and effective home office work
  • 24 hours of Paid Volunteer Time Off (“VTO”) Per Year to Volunteer with Charitable Organizations
This job is filled or no longer available