Application Security Engineer Remote Jobs

10 Results

23d

Senior Application Security Engineer

Lattice | SF, NYC, Remote
remote-first, Design, slack, graphql, ruby, c++, docker, typescript, kubernetes, python, AWS

Lattice is hiring a Remote Senior Application Security Engineer

This is Engineering at Lattice

Lattice’s Engineering team is continuously working to better both our product and our craft. We use a modern, cutting-edge tech stack and love experimenting with new technologies. We strive for maintainable, robust, and performant code. We’re highly collaborative and continuously iterative and work closely with designers and product managers. We prioritize not only great technical architecture but also an amazing product experience.

Lattice is looking for someone to help our product developers build applications that our customers can use with confidence, knowing that at Lattice we work with strong security principles in mind. This role will work across a breadth of areas including application security, infrastructure security, and software supply chain. This role will involve both developing and managing tools, as well as acting as a consultant and partner for product developers. As such, it requires a balance of technical know-how and strong collaboration skills. Your days will vary, including: reviewing design proposals, writing design proposals, meeting with development teams to discuss their approaches and challenges, developing training materials, heads-down coding, and triaging bugs to understand their risks and remediations. You will also be involved in deciding how work is done and what tools and processes are appropriate.

What You Will Do

  • Mentor and advise product development teams in the area of application security
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities
  • Assist in the implementation of security processes and automated tooling that prevent classes of security issues
  • Design and implement Typescript code libraries and patterns to improve application security
  • Perform security-focused code reviews
  • Work with infrastructure teams to ensure our systems are secure
  • Support the bug bounty program
  • Evaluate tools, from SAST/DAST to cloud security analysis tooling, among others
  • Lead application security reviews and threat modeling, including code review and dynamic testing
  • Help develop security training and socialize the material with product development teams

What You Will Bring to the Table

Experience it’s important for you to have at some level:

  • Software development experience, ideally with Javascript/Typescript, or another programming language such as Python or Ruby
  • Familiarity with secure coding practices
  • Familiarity with security tools and libraries such as static/dynamic analysis tools and penetration testing tools
  • Familiarity with and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
  • Strong understanding and experience with common security libraries, security controls, and common security flaws
  • Strong communication and collaboration skills

Experience that would be helpful:

  • Familiarity with AI/LLMs for enhancing code quality and automating security analysis.
  • Familiarity with containerization (Docker, containerd, etc) and Kubernetes
  • Experience developing and operating cloud systems in AWS
  • Experience with GraphQL


----

The estimated annual cash salary for this role is $166,000 - $207,500. This position is also eligible for incentive stock options, subject to the terms of Lattice’s applicable plans.

Benefits: The Company offers the following benefits for this position, subject to applicable eligibility requirements: Medical insurance; Dental insurance; Vision insurance; Life, AD&D, and Disability Insurance; Emergency Weather Support; Wellness Apps; Paid Parental Leave, Paid Time off inclusive of holidays and sick time; Commuter & Parking Accounts; Lunches in the Office; Workplace Amenities Stipend, Internet and Phone Stipend; One time WFH Office Set-Up Stipend; 401(k) retirement plan; Financial Planning; Learning & Development Budget; Sabbatical Program; and Invest in Your People Fund.

Note on Pay Transparency:

Lattice provides an estimate of the compensation for roles that may be hired as required by state regulations. Compensation may vary based on (a) location, as Lattice factors in specific location when benchmarking compensation for most roles; (b) individual candidate skills and qualifications; and (c) individual candidate experience.

Additionally, Lattice leverages current market data to determine compensation, so posted compensation figures are subject to change as new market data becomes available. The salary, other compensation, and benefits information is accurate as of the date of this posting. Lattice reserves the right to modify this information at any time, subject to applicable law.

About Lattice

Lattice is on a mission to build cultures where employees and their companies thrive. In an age where employees have more choices than ever before, businesses that put employees first are winning – and Lattice is building the tools to empower those people-centric companies.

Lattice is a people success platform that offers performance reviews, employee engagement surveys, real-time feedback, weekly check-ins, goal setting, and career planning in a way that allows companies to focus on employee development, growth, and engagement – yielding stronger employee retention, performance, and impact to the bottom line. Since launching in 2016, we have grown to over 5,000+ customers globally, including brands like Slack, Robinhood, and Gusto.


Lattice is committed to equal treatment and opportunity in all aspects of recruitment, selection, and employment without regard to gender, race, religion, national origin, ethnicity, disability, gender identity/expression, sexual orientation, veteran or military status, or any other category protected under the law. Lattice is an equal opportunity employer; committed to a community of inclusion, and an environment free from discrimination, harassment, and retaliation.

By clicking the "Submit Application" button below, you consent to Lattice processing your personal information for the purpose of assessing your candidacy for this position in accordance with Lattice's Job Applicant Privacy Policy.

+30d

Senior Application Security Engineer

Gemini | Remote (USA)
remote-first, scala, Design, mobile, c++, python, javascript

Gemini is hiring a Remote Senior Application Security Engineer

About the Company

Gemini is a global crypto and Web3 platform founded by Tyler Winklevoss and Cameron Winklevoss in 2014. Gemini offers a wide range of crypto products and services for individuals and institutions in over 70 countries.

Crypto is about giving you greater choice, independence, and opportunity. We are here to help you on your journey. We build crypto products that are simple, elegant, and secure. Whether you are an individual or an institution, we help you buy, sell, and store your bitcoin and cryptocurrency. 

At Gemini, our mission is to unlock the next era of financial, creative, and personal freedom.

In the United States, we have a flexible hybrid work policy for employees who live within 30 miles of our office headquartered in New York City and our office in Seattle. Employees within the New York and Seattle metropolitan areas are expected to work from the designated office twice a week, unless there is a job-specific requirement to be in the office every workday. Employees outside of these areas are considered part of our remote-first workforce. We believe our hybrid approach for those near our NYC and Seattle offices increases productivity through more in-person collaboration where possible.

The Department: Application Security

The Role: Senior Application Security Engineer

As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities.

As a Senior Application Security Engineer on the Application Security team’s Product Security group, you will work closely with engineering and product teams to provide security recommendations and identify security issues throughout the software development lifecycle. This includes secure design reviews, threat modeling, secure code review, and penetration testing among other activities.

Responsibilities:

  • Support the Gemini Secure Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
  • Collaborate and advise engineering teams on application security best practices and vulnerability remediation
  • Perform deep-dive security reviews to ensure all Gemini products and services follow secure design principles across our product portfolio (web, mobile, and APIs)
  • Develop tools and research to scale the Product Security team
  • Create and deliver hands-on software security training to engineering teams to increase security awareness
  • Participate in the Application Security on-call rotation to support engineering teams during incidents
  • Role activities:
    • Manual source code review
    • Penetration testing
    • Design and implementation review
    • Threat modeling
    • Design and implementation consultation
    • Continuous assurance activities
    • Risk identification and categorization / management
    • Engineering education and engagement

Minimum Qualifications:

  • 5+ years of experience in application security or similar roles
  • Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
  • Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
  • Some background in development or scripting experience (Python, Scala, C++, or JavaScript)
  • Familiarity with and ability to understand business objectives, business context, and security risk
  • Strong communication skills and the ability to collaborate on a cross-functional team

Preferred Qualifications:

  • Experience with microservice architectures
  • Experience with cloud-native environments
  • Experience with preventing application security vulnerabilities through secure design patterns, automated tooling, or frameworks

It Pays to Work Here

The compensation & benefits package for this role includes:

  • Competitive starting salary
  • A discretionary annual bonus
  • Long-term incentive in the form of a new hire equity grant
  • Comprehensive health plans
  • 401K with company matching
  • Paid Parental Leave
  • Flexible time off

Salary Range: The base salary range for this role is between $152,000 - $190,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate’s compensation, we consider a number of factors including skillset, experience, job scope, and current market data.

At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know.

+30d

Application Security Engineer

Bugcrowd | Remote Brazil
Design, mobile, c++, linux

Bugcrowd is hiring a Remote Application Security Engineer

We are Bugcrowd. Since 2012, we’ve been empowering organizations to take back control and stay ahead of threat actors by uniting the collective ingenuity and expertise of our customers and trusted alliance of elite hackers, with our patented data and AI-powered Security Knowledge Platform™. Our network of hackers brings diverse expertise to uncover hidden weaknesses, adapting swiftly to evolving threats, even against zero-day exploits. With unmatched scalability and adaptability, our data and AI-driven CrowdMatch™ technology in our platform finds the perfect talent for your unique fight. We aim to create a new era of modern crowdsourced security that outpaces threat actors. Unleash the ingenuity of the hacker community with Bugcrowd, visit www.bugcrowd.com. Based in San Francisco and New Hampshire, Bugcrowd is supported by General Catalyst, Rally Ventures, Costanoa Ventures, and others.

Job Summary

At Bugcrowd, we handle application security assessment at an epic scale. As an Application Security Engineer (ASE) you will curate and manage the incoming security vulnerability submissions to some of the world’s biggest companies’ bug bounty programs. Here are just a few of the reasons why we are the best:

  • A tenure at Bugcrowd often means you have worked on not only one company’s security program but potentially on hundreds.
  • As an ASE at Bugcrowd you will be exposed to the Internet’s best security researchers and their cutting-edge security testing methodologies. Our ASEs quickly become technically fluent in obscure/complex XSS, SQLi, XXE, IDOR, SSTI, SSRF, and many other vulnerability types. There is no other organization that offers the learning opportunity that Bugcrowd does.
  • You will be exposed to things outside of your comfort zone. We routinely run security programs for cars, IoT devices, embedded systems, mobile applications, and more!
  • We have an awesome team and tons of perks. We’ve even been selected as one of “The 10 Coolest Security Startups Of 2016” by crn.com.

Please note: we are only considering candidates residing in Brazil.

Essential Duties & Responsibilities

An ASE is responsible for the ongoing triage and validation services of Bugcrowd managed programs. Under the direction of the Director of Technical Operations, you will take incoming submission data and curate it for validity, accuracy, and severity as well as communicate directly with Bugcrowd’s clients or researchers when additional information is required. ASEs also handle Incident Response – escalating and communicating about the highest severity bugs to clients. ASEs need to have strong knowledge of OWASP Top Ten type vulnerabilities. They also usually require a strong skill set in one scripting/development language, often to assist with the design or development of tooling for improving the triage/validation process. The ASE position is perfect for security professionals looking to take their skills to the next level.

Education, Experience, Skills, & Abilities

  • Bachelor’s degree or previous security consulting experience
  • Published and demonstrated passion for security assessment research
  • High proficiency with Burp Suite (or any other interception proxy) and a working level of experience with other industry standard tools (nmap, sqlmap, anything included in Kali Linux)
  • Ability to execute on individual projects but still contribute to the team
  • Ability to complete tasks on time
  • Strong organization, influencing, and communication skills

Working Conditions

The ideal candidate must be able to complete all physical requirements of the job with or without reasonable accommodation.

Sitting and/or standing - Must be able to remain in a stationary position 50% of the time

Carrying and/or lifting - Must be able to carry / move laptop as needed throughout the work day.

Environment - remote, work-from-home 100% of the time.

Culture

  • At Bugcrowd, we understand that diversity in the workplace is vital to a company’s success and growth. We strive to make sure that people are included and have a sense of being part of making Bugcrowd not only a great product but a great place to work.
  • We regularly hear from both customers and researchers that Bugcrowd feels like a family, and we strive to maintain that internally as well.
  • Our team consists of a broad range of people: musicians, adventure sports junkies, nature lovers, parents, cereal enthusiasts, night owls, cyclists, artists—you get the point.

At Bugcrowd, we are solving security threats and vulnerabilities that are relevant to everyone, therefore we believe solving these problems takes all kinds of backgrounds. We value the perspectives and experiences people from underrepresented backgrounds bring.

 

Disclaimer

This position has access to highly confidential, sensitive information relating to the technologies of Bugcrowd. It is essential that the applicant possess the requisite integrity to maintain the information in the strictest confidence.

The company is authorized to obtain background checks for employment purposes under state and federal law. Background checks will be conducted for positions that involve access to confidential or proprietary information (including trade secrets).

Background checks may include Social Security verification, prior employment verification, personal and professional references, educational verification, and criminal history. Applicants with conviction histories will not be excluded from consideration to the extent required by law.


Equal Employment Opportunity:

Bugcrowd is EOE, Disability/Age Employer. 

Individuals seeking employment at Bugcrowd are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. 


Apply at: https://www.bugcrowd.com/about/careers/

 

+30d

Application Security (AppSec) Engineer

Zego | London Area, England, United Kingdom, Remote Hybrid
DevOPS, agile, scala, Design, swift, mobile, git, python, AWS

Zego is hiring a Remote Application Security (AppSec) Engineer

About Zego

At Zego, we understand that traditional motor insurance holds good drivers back. It's too complicated, too expensive, and it doesn't reflect how well you actually drive. Since 2016, we have been on a mission to change that by offering the lowest priced insurance for good drivers.

From van drivers and gig workers to everyday car drivers, our customers are the driving force behind everything we do. We've sold tens of millions of policies and raised over $200 million in funding. And we’re only just getting started.

Overview of our Engineering Team

Zego puts technology first in its mission to define the future of the insurance industry. By focusing on our customers' needs we're building the flexible and sustainable insurance products and services that they deserve. And we do that by empowering a diverse, resourceful, and creative team of engineers that thrive on challenge and innovation.

Overview of the role

  • You will play a key role in shaping the future of Security at Zego.
  • You will be part of the team ultimately responsible for the security of the Zego services
  • You will collaborate closely with Product Engineering, Technical Operations, DPO, Information Security and Compliance to help build secure products and services
  • You will champion agile methodologies, metrics and tooling to support the teams in incrementally improving our security posture

Key Responsibilities

  • Collaborate closely with product and technical operations teams to identify and mitigate vulnerabilities across our technology stack.
  • Partner with product engineers to explore innovative ways to safeguard customer data.
  • Influence the development of security tools, processes, and culture to enhance our overall security posture.
  • Streamline developer workflows by optimising security remediation processes, driving efficiency, and improving resolution times.
  • Champion secure coding practices through code reviews, mentoring, and active collaboration with development teams.
  • Develop and maintain security-related documentation, including policies, procedures, and guidelines for both application and infrastructure security.
  • Respond to security incidents, working with the engineering team to ensure timely and effective resolution.
  • Cultivate a security-first mindset through knowledge sharing, internal guilds, and external engagement at meet-ups and conferences.
  • Support external security audits, assessments, certifications, and penetration testing initiatives.

What you will need to be successful in the Role

We are looking for engineers who embrace the DevOps culture to deliver continuous improvements to our security posture, engaging and empowering the teams to drive change leveraging metrics and championing automation and observability.

What you'll bring to the Team

  • Strong knowledge of secure coding practices, secure software design principles, and secure software supply chain best practices in production environments.
  • Proven experience collaborating with software development teams, with an understanding of their workflows and challenges.
  • Proficiency in at least two programming languages such as Python, Scala, Node, Swift, or Kotlin.
  • Deep understanding of web application vulnerabilities, with practical experience applying OWASP guidelines and best practices.
  • Hands-on experience in managing application vulnerabilities, including identification, triaging, qualification, reporting, performing code reviews, and conducting remediation validation tests.
  • Expertise in performing root cause analysis for discovered vulnerabilities.
  • Experience integrating SAST/DAST/IAST/SCA toolchains into development workflows, along with maintaining these tools.
  • Skilled in using security testing tools such as Burp Suite or ZAP.
  • Experience coordinating and facilitating external web application penetration testing.
  • Ability to clearly communicate complex technical concepts to non-technical audiences.

If possible, we'd also love you to have

  • Experience with mobile security.
  • Familiarity with AWS cloud environments.
  • Knowledge of containers and Kubernetes.
  • Experience with Terraform.
  • Proficiency in Git and GitOps practices.

How we work

We believe that teams work better when they have time to collaborate and space to get things done. We call it Zego Hybrid.

Our hybrid way of working is unique. We don't mandate fixed office days. Instead, we foster a flexible approach that empowers every Zegon to perform at their best. We ask you to spend at least one day a week in our central London office. You have the flexibility to choose the day that works best for you and your team. We cover the costs for all company-wide events (3 per year), and also provide a separate hybrid contribution to help pay towards other travel costs. We think it’s a good mix of collaborative face time and flexible home-working, setting us up to achieve the right balance between work and life.

Benefits

We reward our people well. Join us and you’ll get a market-competitive salary, private medical insurance, company share options, generous holiday allowance, and a whole lot of wellbeing benefits. And that’s just for starters.

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, national origin, gender, sexual orientation, age, marital status, or disability status.

+30d

Senior Application Security Engineer

Rust, golang, c++, python

Cloudflare is hiring a Remote Senior Application Security Engineer

About Us

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks. Cloudflare was named to Entrepreneur Magazine’s Top Company Cultures list and ranked among the World’s Most Innovative Companies by Fast Company. 

We realize people do not fit into neat boxes. We are looking for curious and empathetic individuals who are committed to developing themselves and learning new skills, and we are ready to help you do that. We cannot complete our mission without building a diverse and inclusive team. We hire the best people based on an evaluation of their potential and support them throughout their time at Cloudflare. Come join us! 

Available Locations: Austin, New York, and Washington DC.

About the Department

The Security team at Cloudflare is focused and committed to helping secure both Cloudflare and our customers. The Application and Product Security team at Cloudflare is focused on and committed to securing both Cloudflare and our customers. The Application & Product Security team is responsible for keeping our products and platforms secure.

What you’ll do

We are looking for a Security Engineer to help us in our mission to build a better internet. Part engineer, part hacker, you will work with our engineering and security teams to build solutions for .

  • Work with engineering teams to help secure Cloudflare products and platforms
  • Assess products and new feature releases through threat modeling, code review and security testing. Also provide guidance on effective countermeasures
  • Contribute to security architecture/design and assist in building and rolling out processes for secure code development and deployment
  • Build secure frameworks & libraries that engineering teams can use at scale
  • Build internal security tools and automate processes that help fix security problems at a massive scale. 
  • Managing and prioritizing multiple tasks in accordance with high level objectives

Key skill sets and Knowledge

Security engineers take part in a wide variety of tasks and projects on the team. One individual is not expected to know everything, but a working knowledge in several of the following areas is required: 

  • Experience in securing large scale distributed systems
  • Experience in designing, building and implementing systems
  • Experience in assessing the security posture of systems/services
  • Experience in penetration testing and providing mitigating controls
  • Strong engineering background and programming experience (Python, Golang, Rust, Bash, etc.)
  • Strong communication skills and ability to work with remote teams
  • Results and goal-oriented

Compensation

Compensation may be adjusted depending on work location and level.

  • Estimated annual salary for Texas based hires $168,000 - $187,000 USD

Equity

This role is eligible to participate in Cloudflare’s equity plan.

Benefits

Cloudflare offers a complete package of benefits and programs to support you and your family.  Our benefits programs can help you pay health care expenses, support caregiving, build capital for the future and make life a little easier and fun!  The below is a description of our benefits for employees in the United States, and benefits may vary for employees based outside the U.S.

Health & Welfare Benefits

  • Medical/Rx Insurance
  • Dental Insurance
  • Vision Insurance
  • Flexible Spending Accounts
  • Commuter Spending Accounts
  • Fertility & Family Forming Benefits
  • On-demand mental health support and Employee Assistance Program
  • Global Travel Medical Insurance

Financial Benefits

  • Short and Long Term Disability Insurance
  • Life & Accident Insurance
  • 401(k) Retirement Savings Plan
  • Employee Stock Participation Plan

Time Off

  • Flexible paid time off covering vacation and sick leave
  • Leave programs, including parental, pregnancy health, medical, and bereavement leave

What Makes Cloudflare Special?

We’re not just a highly ambitious, large-scale technology company. We’re a highly ambitious, large-scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.

Project Galileo: We equip politically and artistically important organizations and journalists with powerful tools to defend themselves against attacks that would otherwise censor their work, technology already used by Cloudflare’s enterprise customers--at no cost.

Athenian Project: We created Athenian Project to ensure that state and local governments have the highest level of protection and reliability for free, so that their constituents have access to election information and voter registration.

1.1.1.1: We released 1.1.1.1 to help fix the foundation of the Internet by building a faster, more secure and privacy-centric public DNS resolver. This is available publicly for everyone to use - it is the first consumer-focused service Cloudflare has ever released. Here’s the deal - we don’t store client IP addresses never, ever. We will continue to abide by our privacy commitment and ensure that no user data is sold to advertisers or used to target consumers.

Sound like something you’d like to be a part of? We’d love to hear from you!

This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Please note that any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.

Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.

Cloudflare provides reasonable accommodations to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job. Examples of reasonable accommodations include, but are not limited to, changing the application process, providing documents in an alternate format, using a sign language interpreter, or using specialized equipment. If you require a reasonable accommodation to apply for a job, please contact us via e-mail at hr@cloudflare.com or via mail at 101 Townsend St. San Francisco, CA 94107.

+30d

Senior Application Security Engineer

Integral Ad Science | Remote Ireland
DevOPS, kotlin, terraform, scala, java, typescript, jenkins, python, AWS

Integral Ad Science is hiring a Remote Senior Application Security Engineer

We are looking for a Senior Application Security Engineer to join our team to help us build and secure the Integral Ad Science (IAS) infrastructure and security operations. As part of the Information Security team you will participate and collaborate with multiple Product and R&D teams to ensure that the IAS Platform and our architecture remains secure and compliant. We are a small but growing group of dedicated hard working individuals working to secure IAS relying on our experience and industry standards and we are looking for a dynamic, personable individual to join this team.  If you enjoy the pace of the changing security landscape and an environment where you can make a direct and visible impact, then IAS is the place for you.

 

What you’ll get to do:

    • Define, plan and carry out IAS’ security framework and application protections
    • Develop security standards & best practices for the R&D organization as well as recommend security enhancements to management as needed
    • Develop strategies to respond to and recover from security vulnerabilities and incidents
    • Educate the workforce on application security through training and security awareness
    • Attain Security training and certification
    • Evaluate and recommend additional tools to enhance our application security posture
    • Develop automation to implement and improve security processes across the SDLC
    • Work with multiple teams for secure devops release cycle

You should apply if you have most of this:

    • 5-10+ years of application security experience with a development or coding background
    • Direct experience working with code analysis products (SAST, DAST, IAST etc.)
    • Experience with threat modeling and penetration testing using both manual and automated methods. 
    • CI/CD experience using tools such as Github, Jenkins, etc. 
    • Practical knowledge of one or more relevant coding languages (e.g. Java, python, go, kotlin, scala, typescript, etc.) 
    • Familiarity with architecting or developing cloud native applications with AWS services
    • Familiarity with common cloud security tooling such as CSPMs, SIEM, etc.
    • Familiarity with cloud provisioning tools such as Terraform, Cloud Formation with focus on security
    • Experience planning, researching and developing security policies, standards and procedures with comprehensive documentation
    • Experience working with development, engineering and architecture teams to ensure security best practices are followed.
    • Ability to communicate effectively and work independently utilizing critical thinking skills, the ability to learn new concepts and problem solving as they arise

 

About Integral Ad Science

Integral Ad Science (IAS) is a leading global media measurement and optimization platform that delivers the industry’s most actionable data to drive superior results for the world’s largest advertisers, publishers, and media platforms. IAS’s software provides comprehensive and enriched data that ensures ads are seen by real people in safe and suitable environments, while improving return on ad spend for advertisers and yield for publishers. Our mission is to be the global benchmark for trust and transparency in digital media quality. For more information, visit integralads.com.

Equal Opportunity Employer:

IAS is an equal opportunity employer, committed to our diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age. We strongly encourage women, people of color, members of the LGBTQIA community, people with disabilities and veterans to apply.

 

To learn more about us, please visit http://integralads.com/ and https://muse.cm/2t8eGlN

Attention agency/3rd party recruiters: IAS does not accept any unsolicited resumes or candidate profiles. If you are interested in becoming an IAS recruiting partner, please send an email introducing your company to recruitingagencies@integralads.com. We will get back to you if there's interest in a partnership.


See more jobs at Integral Ad Science

Apply for this job

+30d

Senior Application Security Engineer

CLEAR - Corporate | New York, New York, United States (Hybrid)
postgres, Design, mobile, java, typescript, kubernetes, python, AWS, javascript

CLEAR - Corporate is hiring a Remote Senior Application Security Engineer

We’re looking for an experienced Senior Application Security Engineer to help us secure the next generation of products which will go beyond just ID and enable our members to leverage the power of a networked digital identity. As a Senior Security Engineer at CLEAR, you will participate in the design, implementation, testing, and deployment of applications to build and enhance our platform, one that interconnects dozens of attributes and qualifications while keeping member privacy and security at the core.

A brief highlight of our tech stack:

  • Java / Javascript / React / Typescript / Python / Postgres
  • AWS cloud 

What you'll do:

  • Work side by side with engineering and product resources to define security requirements for new features and services
  • Build threat models, testing plans, and validation strategies to ensure a high security bar for the system
  • Review code, infrastructure, and architecture for common security flaws, as well as bespoke, business logic flaws
  • Perform and manage penetration tests of critical features
  • Develop and maintain tools and infrastructure, such as SAST and DAST scanning 
  • Bridge and facilitate communication between engineering teams and other parts of the Security organization

What you're great at:

  • You understand how to analyze a system and look for potential threats at every stage of the SDLC. You have experience with system design reviews, threat modeling, and common vulnerabilities in Web and Mobile applications
  • You have worked with cloud-based architectures, especially those built on AWS and Kubernetes
  • You can write software beyond small scripts, and you are proficient in one (or more) of the following languages: Java, Javascript, Python
  • You are a strong communicator who can explain security concepts to a variety of audiences and levels, as well as work collaboratively across technical and non-technical teams
  • You are comfortable with high levels of autonomy and delivering on complex goals

How You'll be Rewarded:

At CLEAR we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with talented team members who are motivated by our mission of making experiences safer and easier. Our hybrid work environment provides flexibility. In our offices, you’ll enjoy benefits like meals and snacks. We invest in your well-being and learning & development with our stipend and reimbursement programs. 

We offer holistic total rewards, including comprehensive healthcare plans, family building benefits (fertility and adoption/surrogacy support), flexible time off, free OneMedical memberships for you and your dependents, and a 401(k) retirement plan with employer match. The base salary range for this role is $150,000 - $190,000, depending on levels of skills and experience.

The base salary range represents the low and high end of CLEAR’s salary range for this position. Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience and performance. The range listed is just one component of CLEAR’s total compensation package for employees and other rewards may include annual bonuses, commission, Restricted Stock Units

About CLEAR

Have you ever had that green-light feeling? When you hit every green light and the day just feels like magic. CLEAR's mission is to create frictionless experiences where every day has that feeling. With more than 25+ million passionate members and hundreds of partners around the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - unlocking easier, more secure, and more seamless experiences - making them all feel like magic.

CLEAR provides reasonable accommodation to qualified individuals with disabilities or protected needs. Please let us know if you require a reasonable accommodation to apply for a job or perform your job. Examples of reasonable accommodation include, but are not limited to, time off, extra breaks, making a change to the application process or work procedures, policy exceptions, providing documents in an alternative format, live captioning or using a sign language interpreter, or using specialized equipment.


See more jobs at CLEAR - Corporate

Apply for this job

+30d

Application Security Engineer

NEAR | Remote - North America
Rust, sql, Design, mobile, api, c++, python, javascript

NEAR is hiring a Remote Application Security Engineer

About Pagoda

Pagoda is a technology services firm dedicated to developing core components for the NEAR Ecosystem. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

About The Role

Pagoda's growing security team seeks an Application Security Engineer to help us enhance the security of our cutting-edge blockchain applications. Partnering closely with our engineering and product teams, you'll play a vital role in applying your security expertise throughout the software development lifecycle.

What You’ll Be Doing

  • Work alongside engineers to integrate security best practices into design reviews, threat modeling, code reviews, and penetration testing.
  • Participate in secure code review and penetration testing efforts, honing your skills with hands-on experience under the guidance of senior team members.
  • Contribute to deep-dive security reviews of our web, mobile, and API products to ensure they adhere to secure design principles.
  • Participate in security training and share your learnings with the broader engineering team to foster a culture of security awareness.
  • Assist in incident response to gain valuable real-world experience and help protect Pagoda's systems and data.
  • Gain exposure to SAST/DAST tools (Snyk, Stackhawk), bug bounty analysis, and risk assessment, building a foundation for future growth.

What We’re Looking For

  • 5+ years of experience in application security or a related field, with a passion for learning and growing your skillset.
  • A solid understanding of security fundamentals and common vulnerabilities (e.g., XSS, CSRF, SQL Injection).
  • A knack for identifying potential risks and collaborating with engineers to find effective solutions.
  • The ability to effectively communicate security concepts to both technical and non-technical audiences.
  • A collaborative mindset and a willingness to learn from and teach others

We’d Love If You Have

  • Familiarity with one or more programming languages (Python, JavaScript, Rust) to aid in code review and vulnerability analysis.
  •  An interest in blockchain technology and a desire to contribute to the security of the Web3 ecosystem.

Here’s What Our Interview Process Looks Like

Our interviews take place via Zoom and typically consist of the following stages:

  • Recruiter Call
  • Hiring Manager Call
  • 1st Round
    • Bug Bounty Interview
    • Technical Assessment with Engineering 
  • Final Round
    • Meet with CTO
    • Pagoda Values Interview

Compensation

The base salary range for this role is $153,000 - $170,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.

The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, there are other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process. 


Benefits & Perks

  • Encouraged 20 days of flexible PTO per year, plus your local holidays
  • Wellness weeks – 2 weeks of paid company-wide closures 
  • 100% Paid medical, dental and vision, AD&D and life insurance for US employees, including 85% coverage for dependents, and HSA + FSA options; For non-US employees, 100% Paid private medical coverage available at the highest tiered plan
  • Access to licensed therapists and mental health resources through Spill, 100% confidential and paid by Pagoda; plus $75 monthly reimbursement for wellness
  • Generous parental leave options; All employees have access to $10,000 in fertility assistance through Carrot
  • For US employees, 401(k) retirement plan available (no match)
  • Annual company retreats and team offsites (2023 was in Spain; 2022 in Portugal)
  • $2,000 Continued Education Reimbursement
  • $2,000 Home Office Reimbursement  
  • Co-working Space Reimbursement

Our Values at Pagoda

Our values express our company culture. Learn more on our careers page.

Pagoda is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.

Global Data Privacy Notice for Job Candidates and Applicants

Information collected and processed as part of your Pagoda Careers profile, and any job applications you choose to submit is subject to our Privacy Policy. By submitting your application, you are agreeing to our use and processing of your data as required.

See more jobs at NEAR

Apply for this job

+30d

Application Security Engineer

StockX | Remote, USA
ios, android, docker, kubernetes, AWS, PHP

StockX is hiring a Remote Application Security Engineer

Help empower our global customers to connect to culture through their passions.

Application Security Engineer

About the role:

This hands-on security engineering position will be part of StockX's Information Security Cloud & Application Engineering team, leading efforts to enhance the security of software development practices. Members of this team work with several stakeholders to ensure appropriate processes, procedures, and controls are adequately designed and implemented to meet StockX security requirements, mitigate risks, and ensure compliance. This is a critical IC role on the StockX Information Security team and will work with several stakeholders in Product, Engineering, Operations, Customer Service, Safety & Trust, & IT.

What you’ll do

  • Assist software development architects on secure coding and architecture practices
  • Assist with metric collection and application methodologies for internal information risk management efforts
  • Consult with teams to ensure data is properly handled throughout our environment
  • Collaborate with business, technology, project management, architecture and information security teams to deliver secure solutions that support our business
  • Serve as a liaison between the business and IT for technical security projects
  • Stay current on information security practices
  • Perform qualitative risk assessments on systems and applications
  • Work with information security analysts to ensure visibility and security controls are implemented and maintained
  • Enhance technologies and processes for information security analysts
  • Participation in one or more of the following:
    • Maintaining the organization’s security information tools (AlienVault, Snyk, GitGuardian, ServiceNow, etc)
    • Conducting code reviews and assisting with remediations across multiple apps and services (PHP, React, iOS, Android, NodeJS, etc)
    • Help drive the shift left movement within StockX by implementing tooling within our CI/CD pipelines (DevSecOps)
    • Driving best practices for AWS Cloud Security in greenfield projects, reviewing current practices, and auditing current policies/infrastructure
    • Serving as a liaison between Compliance and Engineering to ensure we are meeting our regulatory requirements

About you

  • 3 years in a technical IT security role
  • GIAC, GSEC, OSCP or other security certifications preferred
  • Experience with web application security, including OWASP Top 10 vulnerabilities
  • Familiarity with SecDevOps and CI/CD best practices
  • Knowledge of cloud security, including AWS
  • Knowledge of container security, including Docker or Kubernetes
  • Excellent communication and interpersonal skills
  • Strong problem-solving skills and attention to detail
  • Willingness to learn and get up to speed quickly.
  • Excellent analytical, organizational, and communication skills. Ability to say No.
  • Experience and ability to mentor senior and junior engineers in the team for best outcomes.

 

Pursuant to the San Francisco Fair Chance Ordinance, Los Angeles Fair Chance Initiative for Hiring Ordinance, and any other state or local hiring regulations, we will consider for employment any qualified applicant, including those with arrest and conviction records, in a manner consistent with the applicable regulation.

Pursuant to the various pay transparency laws/acts, the base salary range is $120,000 to $145,000 plus opportunities for benefits (e.g., medical, dental), equity and discretionary bonuses. Compensation is dependent on geography and may vary.

About Us

StockX is proud to be a Detroit-based technology leader focused on the large and growing online market for sneakers, apparel, accessories, electronics, collectibles, trading cards, and more. StockX's powerful platform connects buyers and sellers of high-demand consumer goods from around the world using dynamic pricing mechanics. This approach affords access and market visibility powered by real-time data that empowers buyers and sellers to determine and transact based on market value. The StockX platform features hundreds of brands across verticals including Jordan Brand, adidas, Nike, Supreme, BAPE, Off-White, Louis Vuitton, Gucci; collectibles from artists including KAWS and Takashi Murakami; and electronics from industry-leading manufacturers Sony, Microsoft, Nvidia, and Apple. Launched in 2016, StockX employs more than 1,000 people across offices and verification centers around the world.
 
 
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. This job description is intended to convey information essential to understanding the scope of the job and the general nature and level of work performed by job holders within this job. However, this job description is not intended to be an exhaustive list of qualifications, skills, efforts, duties, responsibilities or working conditions associated with the position. StockX reserves the right to amend this job description at any time.

See more jobs at StockX

Apply for this job

+30d

Staff Application Security Engineer

Webflow | U.S. Remote
Webflow, remote-first, c++

Webflow is hiring a Remote Staff Application Security Engineer

At Webflow, our mission is to bring development superpowers to everyone. Webflow is the leading visual development platform for building powerful websites without writing code. By combining modern web development technologies into one platform, Webflow enables people to build websites visually, saving engineering time, while clean code seamlessly generates in the background. From independent designers and creative agencies to Fortune 500 companies, millions worldwide use Webflow to be more nimble, creative, and collaborative. It’s the web, made better. 

 

We’re looking for a Staff Application Security Engineer to help us level up Webflow’s secure development practices ranging from secure coding, tooling, and improving procedures.

 

About the role 

  • Location: Remote-first (United States; BC & ON, Canada) 
  • Full-time 
  • Permanent
  • Exempt 
  • The cash compensation for this role is tailored to align with the cost of labor in different geographic markets. We've structured the base pay ranges for this role into zones for our geographic markets, and the specific base pay within the range will be determined by the candidate’s geographic location, job-related experience, knowledge, qualifications, and skills.
    • United States  (all figures cited below in USD and pertain to workers in the United States)
      • Zone A: $191,600 - $260,600
      • Zone B: $180,100 - $245,000
      • Zone C: $168,600 - $229,350 
    • Canada  (All figures cited below in CAD and pertain to workers in ON & BC, Canada)
      • CAD 217,000 - CAD 296,350
  • Please visit our Careers page for more information on which locations are included in each of our geographic pay zones. However, please confirm the zone for your specific location with your recruiter.

  • Reporting to the Manager, AppSec

 

As a Staff Application Security Engineer, you’ll … 

  • Collaborate with the Webflow engineering team to secure Webflow’s web application platform and ecosystem.
  • Bring security best practices to the software development lifecycle.
  • Work as part of a team to champion security standards while balancing business strategies and requirements.
  • Support Webflow’s current and future security compliance frameworks
  • Work to find security vulnerabilities through grey-box techniques, and propose solutions at the architecture and code level to mitigate findings.
  • Contribute code and architecture improvements to enable security within Webflow’s application for engineers.
  • Cross-train entry and mid-level application security engineers

 

In addition to the responsibilities outlined above, at Webflow we will support you in identifying where your interests and development opportunities lie and we'll help you incorporate them into your role.

 

About you 

You’ll thrive as a Staff Application Security Engineer if you:

  • Have 7+ years of experience in application security
  • Have led medium to large application security programs
  • Have led and delivered multi-quarter/complex security projects
  • Have experience mentoring other application security engineers
  • Have led application security roadmaps in collaboration with engineering teams and organizations.
  • Have significant experience penetration testing, finding and developing high complexity application vulnerabilities.

 

Our Core Behaviors:

  • Obsess over customer experience. We deeply understand what we’re building and who we’re building for and serving. We define the leading edge of what’s possible in our industry and deliver the future for our customers.
  • Move with heartfelt urgency. We have a healthy relationship with impatience, channeling it thoughtfully to show up better and faster for our customers and for each other. Time is the most limited thing we have, and we make the most of every moment.
  • Say the hard thing with care. Our best work often comes from intelligent debate, critique, and even difficult conversations. We speak our minds and don’t sugarcoat things — and we do so with respect, maturity, and care.
  • Make your mark. We seek out new and unique ways to create meaningful impact, and we champion the same from our colleagues. We work as a team to get the job done, and we go out of our way to celebrate and reward those going above and beyond for our customers and our teammates.

Benefits & wellness

  • Equity ownership (RSUs) in a growing, privately-owned company
  • 100% employer-paid healthcare, vision, and dental insurance coverage for employees and dependents (full-time employees working 30+ hours per week), as well as Health Savings Account/Health Reimbursement Account, dependent care Flexible Spending Account (US only), dependent on insurance plan selection where applicable in the respective country of employment; Employees may also have voluntary insurance options, such as life, disability, hospital protection, accident, and critical illness where applicable in the respective country of employment
  • 12 weeks of paid parental leave for both birthing and non-birthing caregivers, as well as an additional 6-8 weeks of pregnancy disability for birthing parents to be used before child bonding leave (where local requirements are more generous employees receive the greater benefit); Employees also have access to family planning care and reimbursement
  • Flexible PTO with a mandatory annual minimum of 10 days paid time off for all locations (where local requirements are more generous employees receive the greater benefit), and sabbatical program
  • Access to mental wellness and professional coaching, therapy, and Employee Assistance Program
  • Monthly stipends to support health and wellness, smart work, and professional growth
  • Professional career coaching, internal learning & development programs
  • 401k plan and pension schemes (in countries where statutorily required) financial wellness benefits, like CPA or financial advisor coverage
  • Discounted Pet Insurance offering (US only)
  • Commuter benefits for in-office employees

Remote, together

At Webflow, equality is a core tenet of our culture. We are an Equal Opportunity (EEO)/Veterans/Disabled Employer and are committed to building an inclusive global team that represents a variety of backgrounds, perspectives, beliefs, and experiences. Employment decisions are made on the basis of job-related criteria without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other classification protected by applicable law. Pursuant to the San Francisco Fair Chance Ordinance, Webflow will consider for employment qualified applicants with arrest and conviction records.

Stay connected

Not ready to apply, but want to be part of the Webflow community? Consider following our story on our Webflow Blog, LinkedIn, X (Twitter), and/or Glassdoor.

Please note:

To join Webflow, you'll need valid U.S. or Canadian work authorization depending on the country of employment.

If you are extended an offer, that offer may be contingent upon your successful completion of a background check, which will be conducted in accordance with applicable laws. We may obtain one or more background screening reports about you, solely for employment purposes.

For information about how Webflow processes your personal information, please review Webflow’s Applicant Privacy Notice.

See more jobs at Webflow

Apply for this job