- Date Posted: May 25, 2021
Our culture is one of character, humility, responsibility, purpose, authenticity, and no a-holes. We are growing rapidly and that growth is enabled by strong teamwork, communication, and mentorship. We want people who are passionate about becoming experts in both the business and the technologies that support it.
Our core platform is written mostly in Python with some services in Java and Go. We prefer to use the right tool for the job and make pragmatic decisions about how to scale and de-couple systems as we continue to grow. We’re looking for someone who can navigate a cloud environment (AWS) with many moving pieces and systems to help the team understand how they fit into the broader puzzle.
- Triage and prioritize application security vulnerabilities.
- Develop internal application security testing pipeline and review processes.
- Build and conduct secure coding training for all developers.
- Mentor and train engineers to build secure products.
- Implement automated, proactive security measures (e.g., SAST/DAST).
- Develop a Secure SDLC process and communicate it to Engineering.
- Build application security metrics.
- At least 3-5 years of direct experience either working on or leading an application security team.
- Experience conducting application security reviews.
- Experience building and measuring metrics and KPIs to track application security issues.
- Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, Drone, Buddy).
- Experience developing SDLC processes.
- Experience working with SAST/DAST tools (e.g., Synopsys, Veracode, GitLab Secure, GitHub Advanced Security).
- Experience with threat modeling methodologies (e.g., STRIDE).
- Experience with Java, Go and Python secure coding assessments.
- Experience in API design and system architecture.
- Experience in bug bounty management.
- Teaching experience.