Remote Principal Application Security Engineer

Binti

πŸ“Remote - Worldwide

Job highlights

Summary

Join Binti, a mission-driven software company, as their first Principal Application Security Engineer. Reporting to the VP of Engineering, you will be crucial in ensuring the security and integrity of our applications. Key responsibilities include conducting security assessments, setting security direction, responding to incidents, improving security architecture, setting security standards, and sharing expertise. This role requires proven experience as an Application Security Engineer, a strong technical background, and excellent communication skills. Binti offers a competitive compensation package, excellent benefits including comprehensive health insurance, flexible vacation time, paid parental leave, and professional development opportunities. The position is fully remote within the US, with flexible scheduling.

Requirements

  • Proven experience as an Application Security Engineer or in a similar role
  • Strong technical background with experience in full-stack development, cloud computing, and scalable architecture
  • Excellent communication skills with the ability to simply convey complex security concepts to non-technical stakeholders and clearly articulate the relative risks and trade-offs
  • Focused on keeping the company secure while ensuring the team can still ship products and deliver value to customers and users
  • Experience cultivating a security-aware development culture that scales through mentorship and automation
  • A genuine interest in leveraging technology to address social challenges, with a strong sense of purpose in improving outcomes for children in need

Responsibilities

  • Conduct Security Assessments: Provide holistic assessments of Binti’s security stance, including performing regular security reviews, code audits, penetration testing, and threat modeling to maintain the highest standard of application security
  • Set Direction: Help Binti chart a specific course of action to achieve the security stance we desire. This includes scoping and prioritizing work, determining what levels of investment and risk we should take on given our scale and capacity, and building relationships across teams to effectively communicate and advocate for these goals
  • Respond To Incidents: Respond promptly to security incidents, collaborate with engineers on-call, and provide detailed post-event analyses. Evaluate the applicability of emergent security concerns through risk rating and assessment (such as OWASP)
  • Improve Security Architecture: Work with engineering to identify, design, and implement technologies to enhance security automation, both for the software development lifecycle and cloud hosting environments
  • Set Security Standards: Lead efforts to design and implement secure coding standards and best practices across the development lifecycle, including automating processes as makes sense to ensure comprehensive coverage
  • Share Expertise: Stay up to date on the latest security threats, vulnerabilities, and industry best practices, and ensure the integration of this knowledge into Binti’s security strategies. Act as our company’s expert on application security matters, providing mentorship to development teams and fostering a scalable, security-aware culture
  • Review and implement security patches and hotfixes in production applications
  • Implement streamlined feedback of security recommendations for new products before launch into the Binti platform
  • Improve the security of documents and files uploaded and downloaded on the platform
  • Analysis, scoping, and implementation of security improvements to better protect Personal Health Information and Personally Identifiable Information stored within the product
  • Improve notification and escalation of security concerns from third parties (such as security researchers)
  • Integration of new and existing logging and alerting systems to centralized and/or decentralized Security Incident and Event Management (SIEM) platforms
  • Assess backlog of application-specific security tickets and provide recommendations for remediation and
  • Support evidence collection for compliance frameworks such as SOC 2 Type II and HIPAA

Preferred Qualifications

  • Proficiency in one or more OOP coding languages (Ruby, Python, Java, etc.)
  • Prior experience with GovTech or FedRAMP

Benefits

  • An above-market compensation package (salary + equity)
  • Excellent medical, dental, vision, and life insurance - 99% of insurance premiums covered for you + your dependents
  • Flexible vacation time to promote a healthy work-life blend
  • 13 paid holidays; 11 federally observed holidays (including Juneteenth), plus Election Day and the day after Thanksgiving
  • 16 weeks of paid parental bonding leave for the arrival of a newborn or newly placed infant
  • Sick/mental health time separate from vacation days (accrue up to a cap of 160 hours)
  • 4 weeks of sabbatical after 4 years of service at the company
  • 401k, Commuter benefits, FSA, and DCSA with administration paid for
  • $5,000 annual bonus for employees who volunteer as a CASA (court-appointed special advocates)
  • $2,500 annual reimbursement for ongoing learning and development, with opportunities to attend trainings/conferences, on-site speaker series, and lunch and learns
  • $300 reimbursement for virtual home office setup
  • $50 a month remote work stipend to cover internet, electricity, home office setup costs or lunch/snacks with coworkers
  • Paid jury duty
