Senior Security Engineer – Application Security

WHAT YOU’LL BE DOING:

We’re evolving security to operate at the speed of DevOps. Our Platform and Application Lifecycle Security (PALS) Team provides practical, risk-based and relevant guidance to our development teams so they can build secure products faster, with a focus on security operations, security automation, and security risk management. Together, we win when our product development teams have the context, resources and tools needed to build, deploy, and maintain secure code autonomously.

You will bring your curiosity and desire to learn while you leverage your technical expertise to identify and deliver high impact security solutions that scale across our infrastructure. You will help define, refine and review our automated security tooling, assist in the management and resolution of product and infrastructure vulnerabilities, and enable the business to continue delivering a high-quality security product.

YOU’LL BE RESPONSIBLE FOR: 

• Understanding security best practices and company security policy to provide actionable guidance for our product development teams
• Partnering with our infrastructure teams to ensure security is sensibly applied across our operating environments
• Performing security risk assessments for product features and identifying potential gaps and opportunities in existing security controls
• Researching and designing automated security risk mitigation technologies for our cloud environments
• Integrating security tools into existing infrastructure
• Ensuring tools used to support secure development are designed and deployed to provide actionable data to the teams dependent on them
• Other software engineering and operational application security responsibilities, as required
• Where permitted by applicable law, must have received or be willing to receive the COVID-19 vaccine by date of hire to be considered for employment

SKILLS AND REQUIREMENTS: 

• 4 year college degree AND 5+ years of professional experience OR a combination of training and relevant work experience in an information security or software development role
• The ability to effectively communicate and collaborate with cross-functional teams
• The ability to understand and consider new ways to solve old problems
• Experience with delivering secure solutions via cloud services, such as AWS and Azure
• Solid understanding of software engineering and secure development principles
• Experience with threat modeling, security design reviews and risk assessments
• Proficiency in at least one programming language
• A desire to automate mundane and repetitive tasks

Preferred: 

• Experience working with HashiCorp Terraform
• Experience with AWS Services, specifically container-based and server-less architecture
• Experience with Microsoft Azure functions
• Experience with security testing tools such as OWASP Zap, Portswigger Burp Suite
• Experience with integrating security tools into CICD pipelines
• Experience using common IAM, logging, monitoring, configuration and system management technologies

We offer a competitive salary that includes base + company bonus + equity.  Final salary will be based upon experience and geographic location.  Salary range: $ 120,000 - $140,000