Application Security Engineer, Proactive Security

About The Position

Requirements

• 2+ years of web protocols, common security attacks, and remediation (non-internship) experience
• Bachelor's degree in Engineering, Computer Science, or a related field
• Knowledge of system security vulnerabilities and remediation techniques, including penetration testing and the development of exploits or equivalent
• Experience with web protocols, common security attacks, and remediation (non-internship)
• Experience in application security architecture, security code reviews, security testing, incident response, or security infrastructure
• Experience with coding/scripting in one or more languages (e.g., Python, C, C++, Java, Ruby, or PowerShell)

Nice To Haves

• Experience with AWS services or other cloud offerings
• Experience in one or more of the following: application security frameworks, security code reviews, incident response, security infrastructure, penetration testing, mobile security, cloud security, AI security, identity and access controls
• Knowledge of one or more of the following domains: web application development, penetration testing, mobile security, cryptography, public key infrastructure, forensic security, IP security, SSL/TLS, computer viruses and malware, network security, trusted security, trusted execution, threat intelligence, IoT security implications, or authentication
• Experience scripting with Python, Perl, Bash or PowerShell
• Experience triaging and developing security alerts and response automation, conducting front-line analysis, and providing escalation support

Responsibilities

• Conduct security design reviews for new and existing services, evaluating architecture documents, threat models, and system designs for potential security risks
• Perform threat modeling exercises to identify attack vectors, security weaknesses, and areas of concern in application architectures
• Execute or coordinate penetration testing activities to validate security controls and identify exploitable vulnerabilities
• Document, track, and communicate security findings to service teams, providing clear remediation guidance and verifying fixes
• Provide security consultation to development teams on secure coding practices, authentication/authorization mechanisms, cryptographic implementations, and data protection strategies
• Identify and escalate high-severity security issues through appropriate channels, ensuring timely remediation aligned with launch timelines
• Maintain clear and thorough documentation of review outcomes, security decisions, and risk assessments
• Leverage automated security scanning tools and internal security platforms to support review activities and improve efficiency

Benefits

• health insurance (medical, dental, vision, prescription, Basic Life & AD&D insurance and option for Supplemental life plans, EAP, Mental Health Support, Medical Advice Line, Flexible Spending Accounts, Adoption and Surrogacy Reimbursement coverage)
• 401(k) matching
• paid time off
• parental leave