Staff Application Security Engineer

As the Staff Application Security Engineer, you will report to the Manager, Cloud Security, and will continuously collaborate with key stakeholders across the business to solve the most critical technical problems.

Scope:

• Design, implement, and manage the security solutions program for cloud-based applications and infrastructure 

• Solve systematic problems for production security in a product, marketing and data science environment throughout the software development lifecycle.

• Responsible for implementing and maintaining secure coding practices, identifying vulnerabilities, and ensuring the overall security of our applications. 

• Collaborate with and serve as an advisor to cross-functional teams to develop and implement effective security measures, conduct regular security assessments, and provide guidance on security best practices. 

• Design, establish and maintain secure standards for technology including but not limited to Networking, Serverless, Kubernetes, Access Management (IAM/Service Accounts), Secure CI/CD, Cloud Security and Application Security

• Partner with internal security teams to provide and solicit security guidance, drive adoption of security initiatives and transform them into actionable strategy

• Responsible for leveraging security principles, practices and tools to improve the reliability, integrity and security of cloud applications.

• Partner with internal organizational security teams to provide and solicit security guidance, drive adoption of security initiatives and transform them into actionable strategy

• Serve as a subject matter expert in providing security design guidance for complex systems

Standards:

• Create and promote frameworks, patterns, and methodologies that reduce the risk across the company.

• Stay informed about cloud and application security regulations and standards, ensuring compliance in all security-related activities.

Security Operations and Incident Response:

• Serve as an escalation contact in incident response activities, including investigating security incidents and recommending remediation actions.

Technical Mentorship:

• Provide technical mentorship and guidance to Lead-level and other Cloud Security Engineers

Qualifications: 

• Bachelor's degree in Computer Science, Information Technology, or a related field.

• Solid understanding of application security concepts, secure coding practices, and common vulnerabilities (e.g., OWASP Top 10). 

• Experience with security testing tools, such as static analysis, dynamic analysis, and penetration testing tools. 

• Strong knowledge of web application and network protocols (e.g., HTTP, HTTPS, TCP/IP, DNS). - Familiarity with various programming languages (e.g., Java, C#, Python) and frameworks.

• Proficiency in using security tools and technologies, such as SAST, DAST, IAST and WAF. 

• Knowledge of secure SDLC practices and methodologies. 

• Strong analytical and problem-solving skills, with the ability to think creatively to find innovative solutions to complex security challenges. 

• Excellent communication and interpersonal skills, with the ability to effectively collaborate with cross-functional teams. 

• Relevant security certifications (e.g., CASE, CISSP, CSSLP, CEH) are a plus.

Our Core Values

• Be Humble: You’re smart yet always interested in learning from others.
• Work Transparently: You always deal in an honest, direct and transparent way.
• Take Ownership: You embrace responsibility and find joy in having the answers.
• Learn More: Through blog posts, newsletters, podcasts, video tutorials and meetups you regularly self-educate and improve your skill set.
• Show Gratitude: You show appreciation and return kindness to those you work with.

Perks

• Competitive salary.
• Competitive annual bonus targets.
• 401k with dollar for dollar match, up to 6% of eligible earnings (base, bonus).  Plus additional company contribution.
• RSU grants (Long Term Incentives) for approved roles.
• Comprehensive medical, dental, vision and life insurance.
• 17 paid holidays per year, including 3 floating holidays.
• Annual Paid Time Off (PTO), with separate sick days
• 12 weeks paid Parental Leave
• Caregiver Leave
• Adoption and Surrogacy Assistance Plan
• Flexible workplace accommodations.
• We celebrate our wins with opportunities to attend Lakers, Knicks, Anaheim Ducks, Anaheim Angels and NY Rangers games.
• Opportunities to attend concerts, festivals and other live entertainment events in recognition of delivering great work.
• Tuition reimbursement.
• Attend a tech or marketing conference of your choice each year.
• A MacBook Pro and accompanying hardware to do great work.
• A modern productivity toolset to get work done: Slack, Miro, Loom, Lucid, Google Docs, Atlassian and more.
• Generous discounts on SkinMedica skin care products.
• Discounted aesthetic treatment days multiple times a year.
• $600 worth of Alle benefits each year to use towards aesthetic treatments and products.
• Eligible for donation matching to over 1.5 million nonprofit organizations.
• Attend AWS Re:Invent in person (Las Vegas) or virtually each year (for certain roles)