Application Security Engineer

About The Position

Requirements

• 2+ years experience as a full-time security researcher and/or application security engineer.
• Possess willingness to responsibly discover Weave systems to help identify meaningful and exploitable risks.
• Experience assessing the security configuration and hardness of systems, databases, network devices, applications, and processes used within an organization.
• Ability to write code to test vulnerabilities in code produced by and systems operated by Weave.
• Demonstrate strong integrity so as to not compromise the trust of Weave customers.
• Ability to perform security assessments, penetration tests, and other vulnerability scans on Weave systems to identify, assess, prioritize, remediate, and monitor the security of Weave systems.
• Experience working with security operations analysts to help more effectively identify nefarious activity performed by hackers.
• Knowledge of effective threat modeling skills and techniques.
• Knowledge of and experience with setting up, configuring, running, triaging, and tuning static code analysis, dependency code scanning, and dynamic code scanning tools.
• Possess strong understanding of AWS and GCP and core services provided by AWS and GCP.
• Have a strong working knowledge of Linux, Windows, and other common computer technologies.
• Possess understanding of good security practices.
• Demonstrate strong, effective communication skills--both written and verbal.

Nice To Haves

• A deep understanding of application security practices, secure code development, and application security tooling.
• The demonstrative capability to do the responsibilities described above.
• A strong desire to work at Weave because you are interested in our products, what we are working on, and who you will be working with.
• A track record of achievements in your past roles and companies.
• Demonstrated history of securing SaaS products.
• Ability to remove ambiguity and distill what matters and what doesn’t.
• A sense of humor and ability to have fun while working hard!

Responsibilities

• Collaborating closely with product and development team members during the software development lifecycle to identify security risks.
• Acutely identifying vulnerabilities introduced during product development.
• Deploying, tuning, triaging, and reviewing output produced by static code analysis tools, dependency code scanning tools, dynamic code scanning tools, and other application security tools.
• Deployment of tooling into SDLC environment, and pipelines.
• Holding team members accountable to timelines for mitigating identified application security risks. Enforcing established SLA’s
• Facilitating application security reviews and threat modeling exercises.
• Educating and enabling Engineering teams to self-serve
• Engaging with third party penetration testing organizations to facilitate effective security tests against Weave and its products.
• Optimizing the application security review process to meet the fast-paced product development at Weave.
• “Red Teaming” the organization--turning over rocks to identify untreated application security risks.
• Providing training to Weave’s development team members to build confidence in secure development practices.
• Enhancing the awareness of good security practices throughout the organization.
• Performing Demos/Talks in front of Engineering, (and non-technical) staff.
• Being a subject matter expert for team members to lean on for advice and guidance.
• Working closely with designers and engineers to deliver secure experiences to our customers.
• Defining measurable outcomes and maintaining focus on those outcomes throughout the execution of the security roadmap.