Remote Senior Application Security Engineer

closed

Glassdoor

💵 $112k-$149k
📍 Remote - United States

Job highlights

Summary

Join us as we make worklife better, together. As a Sr Application Security Engineer, you will be improving Glassdoor's application security posture and keeping our platform safe for millions of customers around the world!

Requirements

  • A commitment to add to our culture of DEI
  • 5+ years of experience in web application penetration testing or a security-focused application development role is a must
  • AWS Security, CISSP, CEH, GWEB, GCIH or equivalent certifications are preferred
  • Deep knowledge of and familiarity with cybersecurity frameworks, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
  • Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, and JWT, is a must
  • A relentless desire to (ethically) break into things, and the ability to communicate attack scenarios and mitigation options based on standard frameworks, is desired
  • Ability to read and understand Java, JavaScript, and Python
  • Ability to automate repetitive tasks, using Python or other scripting language, is a plus
  • Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
  • Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience

Responsibilities

  • Be an advocate for application security within the organization
  • Help develop and maintain a risk-based application security program based on a well-defined application security framework
  • Enhance and manage Glassdoor's public bug bounty program, application security tool stack and automated security checks in the CI/CD pipeline to optimize vulnerability and misconfiguration detection
  • Find common patterns and themes within application vulnerabilities and work with Engineering teams to address the root causes
  • Participate in the strategic decisions related to the requirements, design, implementation, and operations of the application security framework, processes, and technology
  • Execute security-focused code, architecture and integration reviews
  • Coordinate or conduct penetration testing and drive remediation efforts to completion
  • Keep abreast of the latest security issues and technologies
  • Own and improve process and procedural documentation
  • Participate in on-call rotation (nights and weekends) for Security Operations alert response
  • Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments

Benefits

  • 100% employer-paid premiums for employee medical, dental, vision, life, short and long-term disability, select well-being programs, along with 80% employer-paid premiums for all dependents
  • Generous paid time off programs for birthing and non-birthing parents are provided, along with paid injury/illness leave and paid family emergency leave
  • Open Paid Time Off policy, in addition to 15-20 paid company holidays/year
  • 401(k) plan with a company match up to $5,000 per year, subsidized fertility and family planning services, and discounted legal assistance services
This job is filled or no longer available
