Sr. Application Security Engineer

About Company:
Company offers the most-trusted app building platform for anyone looking for a better way to work. Company gives businesspeople and IT experts the ability to easily build and integrate apps to track, manage, and automate processes in days, not weeks. Our customers make lasting and substantial improvements to their business using Company’s bullet-proof cloud-based technology — and they love getting the industry’s best customer experience every step of the way.

We are looking for an experienced Sr. Application Security Engineer to help us build our application security program. As the Sr. AppSec Engineer, you lead efforts to shift-left and “make security easy” for the Engineering teams. You provide clarity, drive accountability, and push for continuous improvement as we build security into our applications and services. The Sr. Application Security Engineer reports to the Director, Information Security. The position is fully remote with occasional travel to corporate HQ in Denver, CO.

Responsibilities

AppSec Leadership:
Lead efforts to further define and improve our application security strategy and secure SDLC processes.
Serve as a subject matter expert for secure coding practices, application pen testing, mobile platform security, and other aspects of application and product security.
Demonstrate and train others in secure coding practices and threat modeling.
Mentor and guide Security Champions embedded throughout the Engineering teams.
Lead efforts to define and implement a Responsible Disclosure program.
Collaborate with Engineering to automate security testing in our CI/CD pipelines.
Collaborate with Engineering to confirm vulnerability findings. Leverage proof-of-concept exploit code to gauge our exposure.
Partner with Engineering and Product teams to prioritize security issues relative to vulnerability criticality and business goals.
Partner with Engineering to perform application security design reviews and code audits.
Collaborate with Engineering to drive attainment of shared product vulnerability metrics.
Maintain awareness of emerging mobile and web application vulnerabilities.
Maintain awareness of emerging practices in software engineering, DevOps, and application security.
Maintain technical expertise, certifications, and industry credentials through training, conferences, and professional organization membership.
Must have 4+ years of experience in application security.
Strong people skills and experience collaborating with developers and Engineering leadership to promote secure SDLC.
Strong foundations in software engineering.
Ability to articulate and show application vulnerabilities, exploitation techniques, and prevention concepts.
Experience with SAST, DAST, SCA, fuzzers, and related application security tools.
Experience with open source or commercial webapp pen testing tools.
Effective cross-functional communication. Comfortably switches context between red, blue, and engineering team perspectives.
Strong sense of personal accountability and commitment to team success.
B.S. or M.S. in Computer Science or related field.
AppSec or pen-test certification such as OSCP, OSWA, GWEB, GCPN or other relevant certification is a plus.
Experience with software assurance maturity models, e.g., OWASP SAMM.
Experience with containers and Kubernetes.
Experience with GitLab.
Salary & Benefits
The salary range for this position is $125,000 - $155,000.
We cover 100% medical, dental, and vision benefits
We understand you have a life outside of work and have an unlimited, flexible time-off policy
We provide competitive paid parental leave for all new parents after 6 months
We made Built in Colorado’s Best Small Companies to Work For list, Denver Business Journal’s Largest Denver-area Tech Employers list, and Outside Magazine’s 50 Best Places to Work list
You will have the opportunity to challenge yourself and have a high degree of responsibility and impact
Your daily tasks will change often and give you many opportunities to grow your professional and technical skillset and advance your career
Education & Training
Hands-on low-code application development training via Company University.
Sponsorship for Project Management Institute’s (PMI) Citizen Developer certification program.
Security certification and continuing education assistance.
Work location within the United States is flexible if approved by Company except that position may not be performed remotely from the state of California. Candidates must be eligible to work in the United States. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran. Company EEO Policy Statement.