Senior Application Security Engineer

Summary

Join LastPass's Product Security team as a Senior Application Security Engineer (PHP)! Collaborate with engineers and product owners to ensure security best practices across LastPass products. You will conduct application security design reviews, threat modeling, code reviews, penetration testing, and debug complex PHP applications. This role requires deep web application security knowledge, PHP experience, and collaboration skills. LastPass offers a remote-first culture, competitive compensation, flexible PTO, generous parental leave, comprehensive health coverage, and development opportunities.

Requirements

• Excellent written and verbal communication skills in English
• Deep technical knowledge in web application security
• Experience in developing and/or securing web applications written in PHP
• Basic knowledge of Docker and container security
• Previous experience with threat modeling, testing, and analyzing client-side applications
• A knack for identifying flaws in software and the ability to effectively communicate how to fix them
• Previous experience working closely with engineering teams and supporting them throughout the SDLC (Software Development Life Cycle)
• Team player with a hands-on and can-do attitude

Responsibilities

• Be part of a dedicated application security team responsible for enhancing the product security of LastPass
• Work closely with engineering and platform teams to understand their application security needs
• Utilize your knowledge of security architecture to ensure that our teams build secure products and services from the ground up
• Conduct application security design reviews, threat modeling, and code reviews
• Debug and troubleshoot complex client-side applications written in PHP
• Apply your penetration testing skills to strengthen our internal and external applications and services
• Support our bug bounty security researcher community and maximize learning opportunities within our engineering processes

Preferred Qualifications

• Experience with .NET or JavaScript/TypeScript
• Experience with React
• Experience with GitLab CI/CD
• Experience with AWS (Amazon Web Services)

Benefits

• Remote first culture
• Competitive compensation
• Flexible Paid Time Off policies, including but not limited to: Quarterly Self-Care Days (4 extra paid days off annually) and Volunteer Days
• Generous Parental leave
• Comprehensive health coverage, dependents included
• Home office setup support
• LastPass families free account up to 5 members
• Continuous learning and development opportunities