Senior Application Security Engineer

Who we are

Gatik, the leader in autonomous middle-mile logistics, is revolutionizing the B2B supply chain with its autonomous transportation-as-a-service (ATaaS) solution and prioritizing safe, consistent deliveries while streamlining freight movement by reducing congestion. The company focuses on short-haul, B2B logistics for Fortune 500 retailers and in 2021 launched the world’s first fully driverless commercial transportation service with Walmart. Gatik's Class 3-7 autonomous trucks are commercially deployed across major markets, including Texas, Arkansas, and Ontario, Canada, driving innovation in freight transportation. 

The company's proprietary Level 4 autonomous technology, Gatik Carrier™, is custom-built to transport freight safely and efficiently between pick-up and drop-off locations on the middle mile. With robust capabilities in both highway and urban environments, Gatik Carrier™ serves as an all-encompassing solution that integrates advanced software and hardware powering the fleet, facilitating effortless integration into customers' logistics operations. 

About the role

We're looking for a Senior Application Security Engineer who wants to work in a fast-paced, execution-oriented team. Gatik’s Fleet Management Software team is responsible for the design, development, deployment & maintenance of various applications in our product suite that serve our customers and partners and provide seamless visibility into and interaction with our AV fleet that enables freight-only operations for unparalleled safety, efficiency, responsiveness, and reliability in middle-mile logistics.

This role is onsite 5 days a week at our Mountain View, CA office!

What you'll do

• Align Gatik's Software Development Life Cycle with security best practices: conducting security assessments 
• Coordinate with developers on all aspects of SDLC through planning, feasibility analysis, design, development, testing to implementation and operations
• Conduct threat modeling, pen tests, code reviews and security reviews
• Conduct security assessment focused on Cloud infrastructure (AWS, Azure or GCP)
• Identify and Mitigate Vulnerabilities in the Application software and Cloud infrastructure
• Mature Gatik's processes, practices and toolset 
• Improve, develop, and maintain security documentation 
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities
• Provide product security guidance and architecture oversight, design reviews, and security feature roadmap collaboration
• Develop new security automation and tooling to improve our detection of application vulnerabilities, and to assist in the remediation of findings
• Conduct Dynamic and static analysis

What we're looking for

• Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or related field of study
• 7+ years of industry experience in Application or Product security
• Strong expertise conducting DAST/SAST 
• Strong understanding of web and mobile application security
• Strong knowledge of applied cryptography, TLS/SSL, web authentication protocols such as OAuth/SAML
• Strong knowledge of Cloud security architecture and automating security practices
• Experience securing applications built in Azure, AWS or GCP
• Strong knowledge of Containers and Orchestration technologies like Docker & Kubernetes
• Scripting experience in Python, Ruby, Javascript or Typescript
• Strong knowledge in security vulnerabilities, attack vectors, mitigation techniques, and best practices
• Strong knowledge of OWASP Top 10 vulnerability detection and mitigation
• Experience developing and operating cloud systems in Azure