Senior Application Security Engineer
About The Position
As a member of the Application Security team, you will help prevent and mitigate vulnerabilities by collaborating with the rest of the organization and contributing product security enhancements. You will represent the organization to external security researchers via our Bug Bounty program, use a variety of tools to identify and manage application vulnerabilities, perform risk assessments, and work with developers to prevent security problems before they happen. This position will require a close working relationship with our development teams and their management to be successful. This is a highly visible role in the company to ensure that Recurly remains ahead of emerging application threats. Technology/Services you will use: Programming Languages (Ruby, Go, Rust, JavaScript), Cloud Armor WAF, Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools, Software Composition Analysis (SCA) tools, Bug Bounty Programs, Containers, Git and similar. The Application Security team shares the following responsibilities. The ideal candidate will be flexible and prepared to contribute across all of these areas as needed: ● Manage the end-to-end engineering and integration of AI/ML-driven security solutions into our DevSecOps pipeline and existing application security processes to maximize efficiency and coverage ● Architect, build, and maintain the infrastructure and tooling necessary to successfully deploy and operate new AI-powered security capabilities ● Proactively evaluate, pilot, and champion innovative ways to leverage artificial intelligence for vulnerability detection, threat modeling, and risk assessment optimization ● Use threat modeling to provide security guidance to Engineers ● Deliver secure development training ● Complete security code reviews of new features and bug fixes ● Complete security assessments of new products, services, and vendors ● Perform risk assessments to add items to the security backlog and prioritize that backlog ● Triage, reproduce, and work with application teams to fix bug bounty and pentest findings ● Review security posture and roadmap, make suggestions, and bring new ideas to the table ● Implement tooling into the DevSecOps pipeline to automate security testing ● Coordinate with SecOps to ensure that incident response plans for application-related incidents are up-to-date and valid ● Respond to incidents for high severity application vulnerabilities ● Implement Product Security features to increase the overall security of the application ● Triage and manage the results of automated scanning tools ● Conduct penetration tests on significant code changes being released
Requirements
- Developing in multiple programming languages
- Collaborating closely with development teams in a DevSecOps environment
- Managing Bug Bounty programs
- Demonstrated experience engineering and managing the integration of AI/ML models or tools into security pipelines (DevSecOps).
- Enthusiasm for exploring and implementing emerging technologies, specifically AI, to solve complex security challenges and increase team efficiencyUsing Static and Dynamic Code Analysis tools
- Building security checks into the CI/CD pipeline
- Conducting application analysis with Burp Suite
- Working with Terraform, Graylog, GCP, and Kubernetes
- Performing website application penetration testing
Responsibilities
- Manage the end-to-end engineering and integration of AI/ML-driven security solutions into our DevSecOps pipeline and existing application security processes to maximize efficiency and coverage
- Architect, build, and maintain the infrastructure and tooling necessary to successfully deploy and operate new AI-powered security capabilities
- Proactively evaluate, pilot, and champion innovative ways to leverage artificial intelligence for vulnerability detection, threat modeling, and risk assessment optimization
- Use threat modeling to provide security guidance to Engineers
- Deliver secure development training
- Complete security code reviews of new features and bug fixes
- Complete security assessments of new products, services, and vendors
- Perform risk assessments to add items to the security backlog and prioritize that backlog
- Triage, reproduce, and work with application teams to fix bug bounty and pentest findings
- Review security posture and roadmap, make suggestions, and bring new ideas to the table
- Implement tooling into the DevSecOps pipeline to automate security testing
- Coordinate with SecOps to ensure that incident response plans for application-related incidents are up-to-date and valid
- Respond to incidents for high severity application vulnerabilities
- Implement Product Security features to increase the overall security of the application
- Triage and manage the results of automated scanning tools
- Conduct penetration tests on significant code changes being released
Benefits
- As a full-time employee, Recurly offers competitive benefits programs, perks and options designed to fit your needs and the needs of your family. We offer medical, dental and vision benefits and a menu from which to choose options that work best for you and eligible dependents. We also offer life insurance, short and long-term disability, hospital indemnity, critical illness coverage, employee accident protection, health savings account (HSA) with company contribution & flexible spending account (FSA) options, employee assistance program, Legal and Pet Insurance.
- 401(k) Retirement Plan and company match
- Company equity
- Flex Time Off
- Company Events
- Training/Development
- Tuition reimbursement
- Commuter benefits
- Volunteer opportunities
- Monthly internet stipend
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
