Staff Application Security Engineer
About The Position
Braze is seeking a Staff Application Security engineer to join our team. Braze is a modern, cloud-first, SaaS application company with no classical “legacy” systems. We are seeking a Staff Application Security engineer to work with our existing Application Security team to better protect our production applications and their related application infrastructure, as well as provide expert level guidance to development teams around secure architecture for their systems. You are a person who is comfortable with, and excels in an environment where you are the sole point of technical escalation for complex, large scale software security projects. You are able to effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states. You are an expert at communicating security requirements to developers, technical teams, and non-technical parties. You have developed your tone of delivery for all categories of recipients and have a track record of ensuring mutual understanding for your security implementation requests and assessment of risk. You have a deep understanding of SaaS software development lifecycles. You have strong, pre-formed opinions on how to ensure security in the development cycle while simultaneously creating a condition where technical teams are not burdened by controls. You have experience in both successes and failures in implementation of security controls in both the development cycle and post-production environments, and can articulate implementation importance and reasoning to both high-level engineers, academics, and management. You are able to handle complex security incidents and escalations as a technical incident commander, and make determinations quickly, accurately, and with a cool head. You have experience with medium to large scale incident response and can process several simultaneous technical and administrative inputs while consistently working towards clear goals for remediation and containment. You are familiar with not only garden variety attack patterns, but have studied and understand TTP’s of advanced threat actors and can visually pattern match data points in order to make accurate predictions about unknowns during incidents.
Requirements
- 10+ years of experience securing an application at a company at an IC level or higher
- Demonstrable experience in consistently locating novel security vulnerabilities in web software
- 5+ years experience conducting penetration tests both as a single tester and on a team
- 5+ years of experience in application incident response
- Experience with active testing against AI/LLM integrated web applications and APIs
- Experience with scripting languages and automation
- Direct experience in the triage/validation of vulnerabilities in systems they may not be familiar with, and the ability to properly articulate risk and provide accurate mitigation recommendations
- Ability to read and understand Javascript, Ruby, and Kotlin (Development level proficiency not required)
- 5+ years of experience as an Application Security leader or sole responsible party
Nice To Haves
- Experience with Mail Delivery systems/experience in the MarTech space
- Experience managing a public bug bounty program
- CVE’s or published vulnerabilities, and corresponding conference talks
- Involvement with an open source project
- Experience with the review and risk evaluations of 3rd party integrations
- Experience with mobile application penetration testing (including testing methodologies that include location of security vulnerabilities in applications with pinned certificates)
Benefits
- Competitive compensation that may include equity
- Retirement and Employee Stock Purchase Plans
- Flexible paid time off
- Comprehensive benefit plans covering medical, dental, vision, life, and disability
- Family services that include fertility benefits and equal paid parental leave
- Professional development supported by formal career pathing, learning platforms, and a yearly learning stipend
- A curated in-office employee experience, designed to foster community, team connections, and innovation
- Opportunities to give back to your community, including an annual company-wide Volunteer Week and donation matching
- Employee Resource Groups that provide supportive communities within Braze
- Collaborative, transparent, and fun culture recognized as a Great Place to Work®
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
