Secure the Future of Risk Management with AuditBoard!
AuditBoard is revolutionizing the audit, risk, ESG, and InfoSec landscape. With over $200M ARR and a customer base that includes more than 50% of the Fortune 500 (including 7 of the Fortune 10!), we're not just building software; we're empowering organizations to navigate risk with clarity and agility. Recognized as a top-rated platform on G2.com and Gartner Peer Insights, our customers love us, and we think you will too!
Join a team that's passionate about innovation, dedicated to customer success, and committed to making a difference. We're proud to be one of the 500 fastest-growing tech companies in North America for the sixth consecutive year, as ranked by Deloitte!
Your Mission:
As a Sr. Application Security/Product Security Engineer, you'll be at the forefront of securing our cutting-edge platform. You'll collaborate directly with product and engineering teams to build secure and resilient software trusted by some of the most security-conscious organizations worldwide. You'll be a crucial security advisor to the AuditBoard engineering team, embedding security best practices into every stage of the SDLC. Your primary focus will be on threat modeling, secure design reviews, and the critical task of triaging and prioritizing application security vulnerabilities identified by our dedicated InfoSec team. Your expertise will be instrumental in shaping and advancing our secure SDLC practices.
What You'll Do:
Partner with product and engineering teams to champion security from the initial design phase through development.
Dive into our tech stack, including JavaScript, Node.js, Ember, Python, Go, Docker, PostgreSQL, and Kubernetes.
Lead application threat modeling exercises, conduct thorough secure code reviews, and ensure the consistent application of secure coding practices, backed by the support of the InfoSec team.
Collaborate with the InfoSec team to drive the adoption of Secure SDLC solutions and practices, including SAST, DAST, SCA, IAST, and application runtime protection.
Provide expert guidance and training on encryption, authentication, key security controls, and secure programming methodologies.
Validate, triage, and spearhead the remediation of vulnerabilities uncovered through internal testing, third-party penetration tests, and our bug bounty program.
Guide the implementation, configuration, and operation of application layer security controls like Web Application Firewalls (WAF) and DDoS mitigation solutions.
Contribute to security compliance activities as needed.
Assist in the investigation and response to security incidents and web application attacks.
What You'll Bring:
5+ years of experience in developing or securing web-based applications.
Strong proficiency in modern JavaScript (Node.js, ES6, and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.).
Proven experience in leading threat modeling and secure design reviews.
Familiarity with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma, or similar platforms.
Solid understanding of Docker and Kubernetes.
Exceptional organizational, time management, and attention-to-detail skills.
A proactive, collaborative, and action-oriented approach to problem-solving.
Experience participating in the design review process, both seeking and providing constructive feedback.
Ability to provide significant input into system architecture, considering scalability and performance.
Excellent communication skills to articulate technical decisions through design documents, tech talks, and wikis.
A passion for mentoring and guiding junior and mid-level engineers.
Ability to participate in an on-call shift rotation.
Bonus Points:
Experience working on SaaS web applications.
Experience building and maintaining internal tooling and orchestration using Python and other scripting languages.
Experience building and securing CI/CD pipelines, incorporating supply chain security best practices.
Experience implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions.
Experience coordinating bug bounty and penetration testing engagements.
Experience leveraging, building and securing AI coding assistants, agents, and product solutions.
A BS in Computer Science (or equivalent experience).
Our Values:
Customer Obsession: We obsess over understanding and serving our customers.
Win, Together: We strive to be the best while supporting each other.
Gritty Resilience: We thrive in a fast-paced environment, balancing priorities with strategic goals.
Personal Improvement: We constantly seek feedback and opportunities to learn.
Constant Innovation: We challenge the status quo and drive improvements.
Perks & Benefits:*
Launch your career at one of the fastest-growing SaaS companies!
Live Your Best Life (LYBL): $200/month for anything that enhances your life.
Remote and hybrid work options, plus lunch in the Cerritos office.
Comprehensive employee health coverage (all locations).
401(k) with match (US) or pension with match (UK).
Competitive compensation & bonus program.
Flexible Vacation (US exempt & CA) or 25 days (UK).
Time off for your birthday & volunteering.
Employee resource groups.
Opportunities for team and company-wide get-togethers!
*Perks may vary based on eligibility/location
Please note that background checks are required. Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. This role may have access to highly sensitive data, including employee data, customer data, company financials, and proprietary product information.
We love building strong partnerships, but please note that AuditBoard cannot accept unsolicited resumes from agencies. Any submissions without a signed agreement in place will not create a fee obligation.