Assured is hiring a
Staff Application Security Engineer

Summary

Assured is seeking a Staff Application Security Engineer to lead Red Team operations, develop secure coding practices, guide other team members, and scale application security. The role requires strong understanding of common security libraries, development skills, experience working with developers, DevSecOps, and familiarity with the SaaS model. Benefits include competitive salary, health care plan, life insurance, paid time off, family leave, 401(k) contribution, and flexible spending accounts.

Requirements

• Strong expert understanding and experience with common security libraries, security controls, and common security flaws
• Strong development or scripting experience and skills. You’re able to significantly and effectively contribute to product security. Typescript, Python, and Terraform are preferred
• Strong experience working closely with developers
• DevSecOps experience
• Familiarity and ability to explain security flaws and ways to address them (e.g. OWASP Top 10)
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics clearly and concisely. Demonstrated expert in documentation
• Strong understanding of the Software as a Service (SaaS) model
• Expert understanding of internet security issues, application security technologies, cloud architectures, and threat landscape concepts
• Experience leading efforts or managing application security teams working in the DevOps model
• Hands-on experience architecting, automating, maintaining, and securing Cloud Computing Platforms. AWS experience is a must

Responsibilities

• Lead Red Team operations and penetration test campaigns, providing expert-level insight into process, procedure, and post-mortem
• Develop a clear understanding of vulnerabilities and drive efforts to remediate findings
• Lead in developing automated security testing to validate that secure coding best practices are being used
• Provide expert guidance and direction for other team members when they encounter challenges in their security reviews
• Own documentation and procedures surrounding application security reviews and lead by example for what successful application security reviews look like
• Drive initiatives that scale application security and holistically address multiple vulnerabilities
• Guide and advise development teams as an SME in the area of application security
• Develop, support, and evolve the bug bounty program. Take initiative and drive changes in the bug bounty program
• Lead both critical and regular security releases within our applications
• Lead application security reviews and threat modeling, including code review and dynamic testing
• Scale application security by developing automated security testing or centralized security libraries that scale directly with developers and enable them to easily write secure code
• Develop security training and socialize the material with internal development teams. Have significant ownership in and evangelize security training with development teams

Benefits

• Competitive salary and equity packages (75%tile)
• Health Care Plan (Platinum Medical, Dental, & Vision)
• Life Insurance (No cost to you)
• Paid Time Off (Uncapped vacation days & paid holidays)
• Family Leave (Maternity, Paternity)
• 401(k) contribution (Assured contributes 3% of your income even if you don't contribute)
• Health and Dependent Care FSAs (Pre-tax flexible spending accounts for out-of-pocket expenses)