Principal Security Engineer - Application Security

Summary

Join Gusto's Security Engineering team and collaborate with product and engineering leads to design secure and privacy-focused products. You will build strong relationships with internal stakeholders, providing security guidance and risk mitigation strategies. This role involves reviewing systems, developing secure coding practices, and leading security training. The ideal candidate possesses extensive experience in information security, application security, and software development. Gusto offers competitive compensation, stock equity, and flexible work arrangements.

Requirements

• 12+ years of experience in information security, especially application security, product security, and/or security partnership
• 5+ years of hands on software development experience
• Ability to work with engineers to balance security risks, customer privacy, and business requirements
• Experience building software. We primarily use Ruby, JavaScript, Python, and Kotlin

Responsibilities

• Work alongside product, engineering, infrastructure, legal, and privacy teams to design safe features to protect our customers
• Review and threat model new systems, products, and features
• Provide detailed security advice and risk assessments, including architectural direction
• Develop guidelines and recommendations for secure coding practices
• Lead and manage secure code training instruction
• Implement and deploy application security tools
• Develop long-term relationships with product development and engineering teams

Benefits

• Our cash compensation amount for this role is targeted at $225,000/yr to $245,000/yr in Denver & most remote locations, and $265,000/yr to $285,000/yr in New York & San Francisco Bay Area. Stock equity is additional
• Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role)
• When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required