Application Security Engineer

The Job:

As an application security engineer on the Security Engineering team, you’ll be responsible for making sure that the products that Simple ships to our customers are secure and that our platform is safe.

An application security engineer at Simple focuses on:

  • Collaborating with product engineers to ensure that security is baked in from the planning stages of a feature
  • Application code review, both for new features and existing systems
  • Building threat models for applications and working with application engineers to apply those models
  • Automation, primarily in the build pipeline, to make security a part of our daily process
  • Supporting our bug bounty program

We’d Like To See: 

  • 2+ years of experience in an application security role or similar job experience
  • Strong communication skills
  • Ability to collaborate with application engineers
  • Proficiency with at least one programming language, such as Scala, Java, Python, or Ruby
  • Ability to review code in a variety of languages, picking up new languages as necessary
  • Experience with threat modeling
  • Knowledge of security flaws and their resolution, as listed by sources such as OWASP, SANS, etc.
  • Automation experience, particularly in the context of a build pipeline
  • Familiarity with cloud security, especially as it relates to AWS
  • Experience with mobile rooting/jailbreaking/injection testing is a plus

About You: 

You will be successful in this role if you are passionate about security and continuously seek ways to improve your craft. You believe that security is more of a concept than an organization and it is your mission to foster that culture across team boundaries. You are passionate about providing consultation to engineering teams on technical security decisions. You seek to understand things from perspectives other than your own and are someone who enjoys working alongside others.

What You’ll Do All Day:

  • Build, enhance, and maintain security automation
  • Assist in security assessments of existing and newly developed Simple features and products. Clearly communicate identified vulnerabilities and identify new assessment techniques to prevent them in the future. Document comprehensive reports on the assessment effort and discovered vulnerabilities.
  • Participate in enterprise-wide risk assessment activities, contributing input from the perspective of an application security subject matter expert
  • Prioritize tasks; participate in the design of features with guidance; own design for projects of moderate complexity; and understand the tradeoffs in creating software in your area.
  • Participate in threat modeling
  • Review and triage bug bounty submissions, reproduce vulnerabilities, determine and execute appropriate payouts.
  • Participate in on-call rotation and investigations of information security incidents.
  • Respond to security-related incidents

The Team: 

We believe strongly in metrics, testing, continuous integration, and working fluidly and harmoniously with our engineering and product teams. We take security very, very seriously.

Come As You Are:

We recognize the dire lack of diversity in our industry, and we’re not okay with it. We actively seek to address it with our hiring and retention practices, as well as our office culture. Our culture isn’t something employees join; it’s something they build and shape. We believe that every person and their lived experience is integral to building a work environment and a product that will change the world. If you’re on the fence about whether you’re a fit, we say go for it and apply!

Why Simple’s a Great Place to Work:

  • Competitive salary and inclusive benefits package, including 4 months of 100% paid parental leave, additional PTO for volunteer & advocacy days, and affordable health insurance for partners & families.
  • A supportive and nurturing place to work. We know good ideas come from everywhere, so we work to ensure every person feels psychologically safe to take risks and think outside of the box here. Our dog-friendly space provides a wellness room, adjustable desks & ergonomic chairs, monthly on-site acupuncture & massages, all gender restrooms, and dietary & allergy conscious catering.
  • Ample opportunity to connect with your coworkers through company-funded Employee Resource Groups & Simple community events.
  • We’re committed to hiring quality human beings. Simple is a place where others will watch out for you and help you learn. We like and respect one another.
  • We believe that financial confidence belongs to everyone – and we will work to remove every barrier along the way. We sweat the small stuff, and build with intention.

Simple

Like a bank, but Simple.

Technology we use

Python
Java
SQL
Ruby
Scala
PostgreSQL
React
AWS
Git
Jenkins
JIRA
GraphQL