Airtable's mission is to enable anyone to create software. Users can only create fearlessly when they trust that their data is safe with us. Therefore, security is built into everything we do: product design, feature development, architecture, operations, and customer support. We're building a world-class cybersecurity team, seeking the brightest minds to innovate and create real solutions that solve the challenges facing the internet community. To accomplish this, our team will be performing research, serving as subject matter experts, and presenting our work at conferences.

We are looking for an Application Security Engineer to help drive and implement technical strategies, innovative tooling, research, and processes. You'll collaborate and partner with cross-functional teams to help define and execute innovative AppSec strategies and help build a best-in-class AppSec program.

This person will need to be in our San Francisco office 2-3 times per week.

What you'll do

• Drive security into design and development through performing application security reviews, architecture and design reviews, threat modeling, including code reviews and application security testing.
• Partner and collaborate with development teams to support application vulnerability remediation efforts.
• Develop automated security testing to validate secure coding best practices.
• Perform application security testing to identify vulnerabilities in the core platform and services.
• Support Airtable’s bug bounty program.
• Support and consult with product and development teams in the area of application security.
• Promote security awareness through developing and delivering security training.
• Improve security frameworks, tools, processes and methodologies.

Who you are

• 3+ years of experience 
• Experience with OWASP best practices, SAST, DAST, and other common security tools.
• Strong understanding and experience with common web application security flaws, security controls, and common security libraries.
• Experience identifying security issues in applications through code review, threat modeling, pen testing, manually and with tools.
• Development experience and skills, preferably with TypeScript and Node.JS.
• Basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
• Strong interpersonal skills and experience working with developers to promote secure SDLC.
• Be a subject matter expert (SME) of at least 1 technical area impacting the security of the product.

Airtable is an equal opportunity employer. We embrace diversity and strive to create a workplace where everyone has an equal opportunity to thrive. We welcome people of different backgrounds, experiences, abilities, and perspectives. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, protected veteran status or any characteristic protected by applicable federal and state laws, regulations and ordinances. Learn more about your EEO rights as an applicant. 

VEVRAA-Federal Contractor

If you have a medical condition, disability, or religious belief/practice which inhibits your ability to participate in any part of the application or interview process, please complete our Accommodations Request Form and let us know how we may assist you. Airtable is committed to participating in the interactive process and providing reasonable accommodations to qualified applicants.