Senior Application Security Engineer (AppSec Engineer)

ComplyAuto
12d | $145,000 - $155,000 | Remote

About The Position

ComplyAuto is a RegTech company offering cloud-based software that helps companies enhance their compliance and security capabilities while becoming more efficient and cost-effective. ComplyAuto manages and automates compliance decisions, performing tasks that would normally require manually intensive processes and human intelligence. ComplyAuto began as a privacy compliance company for automotive dealers, but has quickly expanded into other verticals and compliance areas including cybersecurity, EHS (environmental, health, and safety), and legal compliance.

If you're a motivated Senior Application Security Engineer who is eager to contribute to a variety of projects while enjoying an array of exceptional benefits, we are excited to review your application!

The Senior Application Security Engineer will play a critical role in ensuring the confidentiality, integrity and availability of ComplyAuto applications and systems. You will work closely with cross-functional teams to design, implement, and maintain security measures that protect our infrastructure and customer data. This role will bring a strong background in application security, experience in startup/SaaS environments, and a solid understanding of Governance, Risk, and Compliance (GRC) principles.

Requirements

  • Bachelor's degree in Computer Science, Software Engineering, or a related field; 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security or any combination of education, experience, and training which provides the following knowledge, skills, and abilities:
  • Bachelor's degree in Computer Science, or a related field; or equivalent work experience.
  • 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security
  • Proficient in securing programming languages, including React, TypeScript, and Node.js, and a strong understanding of relational database security
  • Knowledge of securing APIs
  • Experience configuring and managing both SAST (e.g. Synopsys, Snyk, Checkmarx, Veracode) and DAST (e.g. StackHawk, Qualys, Burp Suite) tools
  • Experience with Cloud Infrastructure (AWS, Azure, GCP) and securing SaaS applications
  • Excellent communication skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders.
  • Strong problem-solving and analytical skills.
  • Knowledge of Secure Coding techniques
  • Familiarity with industry-accepted security and compliance frameworks (e.g. NIST CSF, CIS, SOC2, PCI-DSS)
  • Familiarity with regulatory requirements (e.g. CCPA, GLBA)
  • General knowledge of governance, risk, and compliance

Nice To Haves

  • Experience as a Security Engineer with a focus in Application Security
  • Ability to work in a fast-paced, high-growth startup environment, with the ability to handle additional security-related responsibilities as we continue to grow
  • Proficient with security tools and technologies
  • Understanding of web application architecture
  • Familiarity with performing threat modeling
  • Security Certifications are a plus

Responsibilities

  • Develop and maintain software application security policies and procedures
  • Conduct secure code reviews, threat modeling, and manual security assessments to identify potential risks, vulnerabilities and exploits in ComplyAuto applications
  • Collaborate and provide actionable technical guidance to the software development team on remediating application security vulnerabilities and exploits
  • Promote secure coding best practices based on recognized standards
  • Develop and maintain documentation of application security controls
  • Implement software application security controls
  • Design and deliver periodic secure code training
  • Design technical solutions to address security weaknesses
  • Participate in incident response for application-related events, including lessons learned and design of test scenarios
  • Manage application security testing tools and platforms
  • Integrate and automate security testing as part of the CI/CD pipeline

Benefits

  • 401(k) 5% match (1:1)
  • Medical, dental, and vision insurance; we pay 100% of premiums for employee and family
  • HSA contribution for qualifying plans
  • Unlimited paid time off and 11 observed holidays
  • Required laptop and related hardware provided