- San Francisco
- Date Posted: May 26, 2021
- Financial Services
Build the world’s fastest Identity and Checkout products
Our mission is to make buying online faster, safer and easier for everyone. Fast Login and Fast Checkout enable a one-click sign-in and purchasing experience that makes it easier for people to buy and merchants to sell. The company’s products work on any browser, device or platform to deliver a consistent, stress-free purchasing experience. Fast is entirely consumer-focused and invests heavily in its users’ privacy and data security. Headquartered in San Francisco but open to globally remote, we are a founders-led, privately held company funded by Stripe, Index Ventures, Susa Ventures and other world-class investors.
We are committed to diversity and inclusion, and demonstrate our values through equitable pay, fantastic benefits, and access to all reasonable accommodations.
We are looking for a hands-on leader to build and run the Application Security function at Fast. You will collaborate with the VP of Security to build out Fast’s application security program. You will be responsible for helping with the architecture, development and deployment of application security tools and technologies to protect Fast’s platform and backend infrastructure. Does this sound like you? We want to talk to you!
- Develop the secure SDLC process at Fast and help perform static security code analysis (SAST) of Fast’s code base on a regular basis and provide relevant recommendations to Fast’s developers.
- Help perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production
- Manage the threat modeling process on existing and upcoming feature sets in the various Fast platform offerings so that appropriate security controls can be built from the ground up
- Run the bug bounty program at Fast and work with the developers for timely remediation of issues.
- Manage external independent Application Security Testing and quickly resolve problems
- Identify all vulnerabilities originating from third party dependencies and ensure proper response
- Impart ongoing secure code and application security best practices training to developers.
- Bachelor's in Computer Science or related field (or equivalent experience)
- 8+ years in a security engineering role
- Solid understanding of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
- Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
- Experience with developing threat models (STRIDE, DREAD, etc.)
- Comfortable with security tools like Burp Suite, OWASP ZAP, Checkmarx, Veracode, Metasploit, AppSpider, etc.
- Experience with automation tools like Ansible, Chef, Puppet, Jenkins
- Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
- Experience with Web Application Firewalls (WAF)
Benefits of life @ Fast
- Fast Flex allows all of our employees to choose where they want to work: our office (when open), their home or any place else in the world.
- Early stage well-funded company with innovative engineering and product culture
- Inclusion and diversity as a company priority
- Competitive compensation packages
- Comprehensive benefits (including 99% of healthcare cost and 401k matching)
- Home office reimbursements and snack deliveries (and awesome swag!)