Senior Application Security Engineer

Summary

Join LastPass's Product Security team as a Senior Application Security Engineer and contribute to securing our applications. Collaborate with software engineers, product owners, and the architecture team to implement security best practices. You will conduct application security design reviews, threat modeling, code reviews, penetration testing, and troubleshoot complex applications. This role requires deep technical knowledge in web application security, experience with JavaScript/TypeScript, and collaboration with engineering teams. LastPass offers a remote-first culture, competitive compensation, flexible PTO, generous parental leave, comprehensive health coverage, and continuous learning opportunities.

Requirements

• Excellent written and verbal communication skills in English
• Deep technical knowledge in web application security
• Experience in developing and/or securing web applications written in JavaScript/TypeScript
• Basic knowledge of Docker and container security
• Previous experience with threat modeling, testing, and analyzing server-side applications
• A knack for identifying flaws in software and the ability to effectively communicate how to fix them
• Previous experience working closely with engineering teams and supporting them throughout the SDLC (Software Development Life Cycle)
• Team player with a hands-on and can-do attitude

Responsibilities

• Be part of a dedicated application security team responsible for enhancing the product security of LastPass
• Work closely with engineering and platform teams to understand their application security needs
• Utilize your knowledge of security architecture to ensure that our teams build secure products and services from the ground up
• Conduct application security design reviews, threat modeling, and code reviews
• Debug and troubleshoot complex server-side applications written in JavaScript/TypeScript
• Apply your penetration testing skills to strengthen our internal and external applications and services
• Support our bug bounty security researcher community and maximize learning opportunities within our engineering processes

Preferred Qualifications

• Experience with .NET or PHP
• Experience with React
• Experience with GitLab CI/CD
• Experience with AWS (Amazon Web Services)

Benefits

• Remote first culture
• Competitive compensation
• Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
• Generous Parental leave
• Comprehensive health coverage, dependents included
• Home office setup support
• LastPass families free account up to 5 members
• Continuous learning and development opportunities