As a Principal Application Security Engineer, you will engage in a variety of activities, either offensive, defensive, or some combination thereof, ultimately aimed at safeguarding our users who entrust us with their content every day.
You'll plan, carry out, and lead security initiatives to monitor and protect sensitive data and systems from infiltration and cyber-attacks.
You will likely collaborate frequently with and support developers, as well as members of the infrastructure security team, the compliance team, IT, Product, and other teams throughout the organization.
You love to solve puzzles, and are a great team player.
This role is remote. The role requires three hours of overlap with the US Eastern time zone (i.e., New York City) daily.
Requirements:
Required: 5+ years of prior experience in either software development, DevOps, or site reliability engineering with hands-on coding experience.
Preferred: prior experience in Application Security
7+ total years of relevant experience in Engineering, Application Security, or a similar technical field.
Strong knowledge of modern web, mobile, and network security
Strong programming skills with at least one of the following languages, and the ability to read all of them: Python, Go, PHP, JavaScript, and Ruby
Expertise with application pen testing, using tools like Burp or ZAP
Confident working in and across cloud environments like AWS and GCP. Detailed knowledge of at least one cloud environment.
Confident with shell scripting
Confident with common SDLC components, like git, Jira, Jenkins, etc.
Confident ability to communicate technical security concepts to developers
At least an upper-intermediate level of English
Bonus points:
Link to a GitHub repo with security tools/scripts you've developed or help maintain
Full-stack web development experience creating RESTful applications (in any language) is a big plus
Open source vulnerability research or blog posts are a big plus
Experience with system security hardening guidelines and SDLC principles
This position is open to all candidates.