Application Security Engineer

DolarApp

London Hybrid
Competitive
Full-time

Job Description

Level Up Your AppSec Game

Join our Security team as an Application Security Engineer and be at the forefront of protecting our users and applications! We're not just looking for someone to find vulnerabilities; we need a proactive problem-solver who can build scalable security solutions, champion best practices, and partner with engineers to bake security into everything we do. If you're passionate about AppSec, thrive on complex challenges, and want to make a real impact in a fast-paced environment, this is your chance.

What You'll Do

Security Pipeline Architect: Design, implement, and maintain security automation within our CI/CD pipeline, wielding tools like SAST, SCA, and API Security scanners to catch vulnerabilities early.
Bug Bounty Guardian: Manage and enhance our bug bounty program, collaborating with security researchers and engineering teams to validate, triage, and remediate findings. Be the bridge between the external security community and our internal teams.
Code Whisperer & Pentesting Pro: Conduct in-depth secure code reviews and penetration testing to unearth vulnerabilities and guide developers toward secure coding practices.
Product Security Champion: Partner with engineering and product teams to shape security architecture, perform threat modeling, and ensure secure design principles are integrated across all our applications.
Cloud Security Vanguard: Strengthen our cloud security posture by leveraging CSPM tools (Wiz, Orca) and implementing best practices to maintain visibility and governance across our cloud environments.
Phishing Awareness Leader: Spearhead initiatives to raise security awareness through engaging phishing simulation campaigns and informative training programs for all employees.

What You'll Bring

Experience

5+ years of hands-on experience in the application security domain.
Deep practical experience with application security testing tools, including SAST, API Security testing, and SCA.
Comprehensive understanding of common vulnerabilities (OWASP Top 10, CWE, CVEs) and proven remediation techniques.
Experience integrating security practices seamlessly into CI/CD pipelines.
Exceptional communication and collaboration skills, with the ability to influence and work effectively with cross-functional teams.
A track record of leading security projects independently and delivering impactful results.

Technical Skills

Solid experience with cloud-native application security (AWS, GCP, or Azure).
Familiarity with container security best practices (Docker, Kubernetes).
Experience securing Infrastructure as Code (IaC) deployments (Terraform, CloudFormation).
Bonus points for contributions to open-source security projects or active involvement in the AppSec community.
Relevant certifications (e.g., OSWE, OSCP, CISSP) are highly valued.

Perks & Benefits

Competitive salary that reflects your expertise.
Significant sign-on stock options, so you directly benefit from our shared success.
Discretionary performance bonus (awarded in stock options) to recognize outstanding contributions.
Generous paid annual leave to recharge and pursue your passions.
Access to the latest technology and tools to stay at the cutting edge of AppSec.
A supportive and collaborative team environment where you'll learn and grow your skills.