Application Security Engineer
About Upside
Upside is revolutionizing brick-and-mortar commerce by bringing the sophistication of online retail to the real world. Our technology uses profit measurement, attribution, and incrementality to deliver more value to consumers on their everyday purchases and provide brick-and-mortar businesses with new, profitable customers. We've empowered millions of users to earn 2-3x more cashback than any other product and helped hundreds of thousands of businesses achieve measurable profit. With billions of dollars in commerce flowing through our platform annually, we're driving value back to retailer partners, consumers, and vital sustainability initiatives.
Your Mission
As an Application Security Engineer, you'll report to the Director of Information Security and collaborate with technology stakeholders to fortify our platform. You will leverage your expertise in secure code practices and payment systems to identify and remediate application vulnerabilities. In this individual contributor role, you will innovate for our AppSec team, elevate our AppSec posture, and enable our engineers to write secure code.
What You'll Do
Innovate with AI to develop and deploy cutting-edge security solutions for mitigating application vulnerabilities.
Conduct security code reviews (SAST, SCA) and partner with engineers to address and remediate insecure code.
Develop comprehensive threat models and collaborate with technology teams to review and document potential risks.
Provide expert guidance to leadership on security architecture, design, and application security best practices.
Develop and deliver training programs to enhance engineers' skills in secure coding and vulnerability management.
Contribute to penetration testing initiatives and/or manage bug bounty programs.
Support the administration of AWS Control Tower and IAM provisioning.
Engage with the security community and stay informed about the latest trends and threats.
What You'll Bring
6+ years of experience in application or product security, including experience reviewing Python code.
Proven track record of innovating and implementing solutions related to vulnerability management.
Deep understanding of AWS and Lambda security architecture, including expertise in AWS Control Tower.
Strong understanding and practical experience with AI technologies.
Bachelor’s degree in Computer Science or Engineering is highly preferred.
Exceptional customer service and interpersonal skills.
Tech Stack
Here are some of the tools you'll be working with:
Github Suite (Advanced Security, Actions, Copilot)
Python
Terraform
AWS Lambda, DynamoDB, S3, SNS, SQS, IAM, VPCs
ChatGPT
Snowflake
SQL
Location
This is a hybrid role based in our Austin, Chicago, DC, or NYC office. In-office attendance is required on Monday, Tuesday, and Thursday, and may increase based on project-based needs and changes to Upside’s in-office policy over time.
Compensation
The U.S. base salary range for this full-time position is $200,000 - $221,000 + equity + benefits. The final starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. Your recruiter can share more about the specific salary range during the hiring process.
Benefits
Medical, dental, and vision coverage starting on Day 1
Equity (ISOs)
401(k) program
Family planning programs + paid parental leave
Physical fitness and wellness memberships
Emotional and mental health support programs
Unlimited PTO + 10 paid federal holidays + our annual, week-long Winter Break
Flexible work environment
Lunch reimbursement for in-office employees
Employee Resource Groups
Learning and Development stipend
Transparent culture
Amazing mission!
Diversity and Inclusion
Diversity drives innovation, and our differences make us stronger. We‘re passionate about building a workplace that represents a variety of backgrounds, skills, and perspectives, and we do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Everyone is welcome here!
If there's anything we can do to support a disability or special need during your application or interview process, please email [email protected].
A Note to Recruiters
This is an in-house search with a dedicated recruiter. Please do not submit resumes to any person or email address at Upside. Upside is not liable for, and will not pay, placement fees for candidates submitted by any party or agency other than its approved recruitment partners.