Sr. Application Security Engineer/Sr. Product Security Engineer (Remote)

About The Position

Requirements

• 5+ years of experience developing or securing web-based applications
• Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)
• Experience with leading threat modeling and secure design reviews
• Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus.
• Docker & Kubernetes
• Excellent organization, time management, and attention to detail
• Must be action-oriented and have a proactive and collaborative approach to solving issues
• Participates in the design review process, seeking and providing constructive criticism
• Provides significant input into system architecture, considers scalability and performance
• Communicates technical decisions through design docs, tech talks, and the wiki
• Provides mentorship and technical guidance to junior and mid-level engineers
• Ability to work within an on-call shift rotation

Nice To Haves

• Experience working on SaaS web applications
• Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages
• Experience with building and securing CICD pipelines and incorporating supply chain security best practices.
• Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions
• Experience coordinating bug bounty and penetration testing engagements
• Leveraging, building and securing AI coding assistants, agents, and product solutions
• BS in Computer Science (or equivalent experience)

Responsibilities

• Working with product and engineering teams to implement security throughout the design and development process.
• Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes.
• Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team.
• Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime.
• Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices.
• Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs.
• Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions.
• Assisting with Security Compliance activities as required.
• Assisting with investigation and response to security incidents and web application attacks as necessary.

Benefits

• Launch a career at one of the fastest-growing SaaS companies in North America!
• Live your best life (LYBL)! $200/mo for anything that enhances your life
• Remote and hybrid work options, plus lunch in the Cerritos office
• Comprehensive employee health coverage (all locations)
• 401K with match (US) or pension with match (UK)
• Competitive compensation & bonus program
• Flexible Vacation (US exempt & CA) or 25 days (UK)
• Time off for your birthday & volunteering
• Employee resource groups
• Opportunities for team and company-wide get-togethers!