Senior Application Security Engineer

ABOUT THE TEAM

The product security plays a vital role in identifying and mitigating risks within the Mural product as well as partnering with other engineering teams to recommend product features that enhance security for our customers.

YOUR MISSION

As an Application Security Engineer, your role will involve executing the MURAL product security strategy. You will manage Mural’s public bug bounty submissions, SAST testing within our CI workflow. Collaborating closely with developers, you will work to expand security testing coverage and lead security reviews of MURAL product features. Additionally, you will play a crucial role in educating and promoting secure coding best practices.

WHAT YOU'LL DO

• Performing security reviews of Mural product features and architecture
• Manage and operate our bug bounty program
• Lead penetration testing and manage any risks to remediation
• Implementation and operation of SAST and DAST technologies in the CI workflow
• Working closely with Engineering teams to track and manage product risks to remediation
• Working closely with Engineering to increase coverage of security testing
• Communicating and nurturing relationships with security researchers, customers, and other stakeholders
• Producing metrics to help track the health of our product vulnerability management strategy
• Educating and evangelizing secure coding best practices

WHAT YOU'LL BRING

• 5+ years experience in a product security focused role
• Experience with product security at a multi-tenant SaaS company preferred
• Experience with vulnerability management
• Deep understanding of web application and mobile application security risks
• Deep understanding of Linux, Networking, Cryptography, and Cloud Architecture fundamentals
• Software development experience with Node.JS or other frameworks like React, Angular, etc. is a preferred
• Familiarity with MongoDB, Node.JS, Ruby, and/or Python is preferred. 
• If you have participated in public or private Bug Bounty programs, or have any other open source or community contributions, presentations, or blog posts in the security space, please share it with us!
• Excellent command of English, both written and verbal

For roles based in New York City, California, Colorado, and Washington, the base salary for this role ranges from $160,000 - $200,000 + benefits. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for variable compensation.