Senior Security Engineer, Applications
About The Position
As a Senior Security Engineer, (Applications Team) at BetterHelp, you’ll join a diverse team of licensed clinicians, engineers, product pros, creatives, marketers, and business leaders who share a passion for expanding access to therapy. And as a mental health company, we take employee mental health just as seriously as we do our mission. We deeply invest in our team’s well-being and professional development, because we know that business and individual growth go hand-in-hand. At BetterHelp, you’ll carve your own path, make an immediate impact, and be challenged every day – with a supportive community behind you the whole way. We are looking for a motivated Application Security Engineer who is looking to help build the maturity of our Application Security Team while growing their own security skill set. Our team prioritizes the full lifecycle of security triage: identifying vulnerabilities, reproducing exploits, meticulous code analysis, and crafting production-ready fixes. We are looking for an engineer with good attention to detail, the ability to learn quickly and pick up new skills independently, and a get-things-done attitude with eagerness to build something awesome!
Requirements
- 5+ years of experience in web application security
- Strong experience with code review, security reviews, security architecture, pentesting, and bug bounty programs
- Experience working in full-stack projects
- Experience with discovering and fixing common web security vulnerabilities
- Experience using web application pentesting tools (e.g. Burp Suite)
- Basic understanding of networking concepts (DNS, TCP/IP, VPNs)
- Able to explain complex ideas either verbally or in writing to a mixture of audiences
- Knowledge and understanding of the OWASP Top 10
- Experience creating security automations with GitHub Actions or other methods
Nice To Haves
- Experience coding in PHP and working with React/Next.js
- Experience using scripting, using regex, and writing bash scripts
- Experience with applications deployed in AWS & Kubernetes
- Awareness of AI and LLMs, and how they are used in consumer products
- Experience using AI and LLMs in security research
- Experience with threat modeling
Responsibilities
- Work with a nimble passionate security team, collaborating with development and product.
- Conduct vulnerability triage: handle internal and external vulnerability reports, and more importantly: go beyond investigating and write fixes yourself.
- Review code and help make decisions about secure coding decisions.
- Review new product features to ensure they are designed with security in mind
- Collaborate with other developers and teams for long term security success.
- Code solutions for preventative measures and generating alerts.
- Use your detective work to get to the AH-HA! moment when you find and replicate the root cause of an issue and figure out how to fix it.
- Care and be involved in our product, mission, and success - way beyond checking off tasks.
Benefits
- Remote work with regular in-person bonding experiences sponsored by the company
- Competitive compensation
- Holistic perks program (including free therapy, employee wellness, and more)
- Excellent health, dental, and vision coverage
- 401k benefits with employer matching contribution
- The chance to build something that changes lives – and that people love
- Any piece of hardware or software that will make you happy and productive
- An awesome community of co-workers
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
Education Level
No Education Listed
