Fully Remote Application Security w/ Unlimited Vacation

Los Angeles, California

100% Remote

Full Time

$130k - $160k

A revolutionary financial technology software company is looking for an Application Security Engineer. They are creating a means to streamline accounting for major corporations, improving the efficacy of their financial teams. With much of this sensitive data being run through software, they need talented individuals with experience in protecting their clients', and their own, information. Ideal candidates have experience participating in architecture design reviews with senior engineering and product management staff to incorporate effective threat modeling and security standards into product design. They also need someone who understands how to evaluate and instrument automation tooling to ensure security within any component of their platform.

They are primarily seeking candidates with a background in development along with experience effectively conveying information to management in a consultative role. AWS Cloud experience with Jenkins and GitHub tooling is a strong plus, as is prior exposure to automation and pen-testing in professional environments.

Required Skills & Experience

  • 5+ years of experience with auditing web applications.
  • 3+ years using at least one high level programming language e.g. Node.js, Python, Go, Java, Ruby.
  • Experience utilizing web application security scanning software and penetration testing tools e.g. Burp Suite, ZAP, Nessus, Qualys, Metasploit, CANVAS, Nuclei, Cobalt Strike.
  • Experience and desire conducting security training for developers and the security team.
  • Experience performing threat modeling and secure design review in order to assess the security implications and requirements of new systems and technologies.
  • Experience building or working with distributed multi-tier web server-client architectures.
  • Experience with cloud environments AWS or Azure.
  • Strong foundational understanding of network and application fundamentals and best practices; e.g. HTTP, DNS, VPN, SAML, OAuth, OpenID etc.
  • Strong understanding of OWASP Top 10 vulnerabilities in web applications, including XSS, SSRF, IDOR, RCE, CSRF vulnerabilities.
  • Working knowledge of the Microsoft Security Development Lifecycle (SDL), OWASP Software Assurance Maturity Model (SAMM), or Building Security in Maturity Model (BSIMM)
  • Experience implementing security practices in automated CI/CD pipelines for application code, infrastructure, and/or serverless is a plus.
  • Strong sense of ownership, urgency and drive.
  • Strong ability to lead cross-team initiatives and communicate proposals and ideas concisely.

Desired Skills & Experience

  • Strong experience with AWS and/or Azure.
  • Strong experience with Node.js, Python, React.
  • Experience securing multi-tenant enterprise SaaS products.
  • Knowledge of common compliance frameworks e.g. SOC, SOX, PCI and ISO standards.
  • Security certifications e.g. CISSP, OSCP, OWSP

The Offer

  • Bonus OR Commission eligible

You will receive the following benefits:

  • Medical Insurance
  • Dental Benefits
  • Vision Benefits
  • Paid Time Off (PTO)
  • 401(k) (including match, if applicable)

Applicants must be currently authorized to work in the US on a full-time basis now and in the future.


Posted by: Alfie Merritt