Security Analyst - Application Security

Summary

Join PrizePicks, a rapidly growing sports company, and become a key member of the Security team within Engineering. You will collaborate with various teams to enhance security practices, implement security policies, and advise on best practices. Responsibilities include integrating application security tooling, performing code reviews, assisting with penetration testing, managing the bug bounty program, and championing secure coding practices. You will also monitor application security metrics, research vulnerabilities, and assist with security incidents. The ideal candidate possesses 1-3 years of relevant experience, deep knowledge of application security, and a strong understanding of risk definition. PrizePicks offers a competitive salary, comprehensive benefits, and a flexible work environment.

Requirements

• 1-3 years of relevant work experience
• Deep knowledge of application security with an ability to think like a bad actor and use context to build threat models
• Ability to define risks both in technical and non-technical terms with business-relevant language
• Strong experience with the ability to architect and implement measures both within the software development life-cycle and surrounding infrastructure
• Certification from GIAC or similarly accredited organization with appropriate scope toward the role
• Programming Language Expertise
• SAST tooling familiarity
• DAST tooling familiarity
• SCA tooling familiarity
• Threat Modeling
• Penetration testing familiarity
• Linux or similar UNIX type operating systems
• Kubernetes and other containerized compute services

Responsibilities

• Coordinate with teams to integrate application security tooling into their pipelines
• Support and consult with Engineering and Product teams to ensure secure releases by
• Perform manual or automated code security reviews as needed
• Assist penetration testing activities as needed
• Monitor and provide remediation guidance for application security-related findings
• Manage the bug bounty program through triaging submissions, coordinating with researchers and engineers, and validating reported findings and remediation
• Champion secure coding practices through application security standards, guidelines, and training
• Monitor and provide application security metrics to leadership
• Research and track latest application security vulnerabilities and attack techniques
• Assist with application related security incidents

Preferred Qualifications

Development background

Benefits

• Company-subsidized medical, dental, & vision plans
• 401(k) plan with company match
• Annual bonus
• Flexible PTO to encourage a healthy work/life balance (2 weeks STRONGLY encouraged!)
• Generous paid leave programs, including 16-week paid parental leave and disability benefits
• Workplace flexibility and modern work schedules focused on getting the job done, not hours clocked
• Company-wide in-person events and team outings
• Lifestyle enhancement program
• Company equipment provided (Windows & Mac options)
• Annual performance reviews with opportunities for growth and career development