Senior Application Security Engineer

About The Position

Requirements

• You have 4+ years of experience working in an application security role.
• You strongly understand the security best practices for the development lifecycle (SDLC).
• You have expert knowledge of web application protocols.
• You have deep technical knowledge of Content Security Policies (CSP) and how to implement them.
• You have strong experience working with AI and understand the areas to focus on to secure it.
• You have expert understanding of application security testing tools like OWASP ZAP and Burpsuite.
• Expert understanding of the OWASP Top 10 and other application attacks.
• Experience installing and running a local developer environment for local testing of code.
• Deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security.
• Implemented/managed SAST and DAST tools such as StackHawk and Snyk with more than a year experience in each type of tool.
• Familiarity with common security libraries and tools.

Responsibilities

• Create, manage, and maintain the application security strategy and roadmap, tracking OKRs and work efforts over six quarters.
• Comfortable and excited to lead the application security domain, including managing and maintaining existing tools, executing domain strategies, and owning all aspects of application security.
• Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems.
• Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it.
• Provide subject matter expertise in the areas of secure coding, application authentication, encryption, AI, and quickly research and become competent in other areas as needed.
• Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture.
• Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions.
• Collaborate with the Developer Experience team to integrate security tools, workflows, and practices into development environments.
• Continually research current and emerging security threats and technologies, proposing changes and guidance that are most impactful.
• Develop appropriate technical solutions along with the latest security tools that help mitigate security vulnerabilities and also help automate repeatable activities.
• Build and provide high-quality application security documentation and training to engineers to set them up for success.
• Educate and train Alma engineering on information system security best practices using our security training solution as well as in-person and recorded training.
• Mature and execute the Threat Modeling program with engineers.
• Implement, manage, and maintain application security tools such as SAST and DAST scanners and own the workflow for remediation of findings.
• Assist with creating the reports for management regarding vulnerabilities, training, and other relevant metrics.

Benefits

• We’re a remote-first company
• Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans
• 401K plan (ADP)
• Monthly therapy and wellness stipends
• Monthly co-working space membership stipend
• Monthly work-from-home stipend
• Financial wellness benefits through Northstar
• Pet discount program through United Pet Care
• Financial perks and rewards through BenefitHub
• EAP access through Aetna
• One-time home office stipend to set up your home office
• Comprehensive parental leave plans
• 12 paid holidays and 1 Alma Give Back Day
• Flexible PTO
• Salary Band: $130,000 - $186,000