Senior Application Security Engineer

The Job:

As an engineer on the Product Security team, you’ll be responsible for making sure that the products that Simple ships to our customers are secure. Safety isn’t a static, unchanging concept.  Rather, a safe product is well-designed, has had a lot of craft put into its’ design and delivery, and is unlikely to have critical security vulnerabilities.

On a day to day basis you will be working closely with our software engineers and other product security engineers to help impact design decisions and correct security flaws as they are found. You will also conduct in-house penetration testing and code-reviews of Simple applications and platform and develop and integrate automated solutions for conducting these tests.

We’d Like To See: 

  • Knowledge of security flaws and their resolution as listed in sites like OWASP, SANS, etc.
  • Experience with secure application architecture, design, development, code review, and penetration testing of web and mobile applications
  • Experience developing automated security testing solutions with the ability to integrate into engineering tools such as Github, Jenkins, or other continuous integration tools.
  • Proficiency with at least one programming language, such as Python or Ruby.
  • Experience with JVM based languages
  • Familiarity with cloud security, especially as it relates to AWS.
  • Understanding of cryptography, including protocols, key management, encryption and hashing methods.
  • Experience writing vulnerability reports and communicating their technical details and security impact to developers and management.
  • Experience with security and engineering tools such as Burp Suite, sqlmap, wireshark, Apache mod_security or other WAF solutions, Threat Stack,  Jenkins, and Git.
  • Experience managing bug bounty programs

About You: 

You will be successful in this role if you are passionate about security and continuously seek ways to improve your craft. You believe that security is more of a concept than an organization and it is your mission to foster that culture across team boundaries. You have long term plans to eliminate risk and are able to seek out the highest value mitigations first. You are able to demonstrate easily whether something is vulnerable or not and educate your peers on the best methods for mitigation.

What You’ll Do All Day:

  • Perform security assessments of existing and newly developed Simple features and products. Clearly communicate identified vulnerabilities and identify new assessment techniques to prevent them in the future. Document comprehensive reports on the assessment effort and discovered vulnerabilities.
  • Review and triage bug bounty submissions, reproduce vulnerabilities, determine and execute appropriate payouts.
  • Leverage automated security analysis tools and integrate them within our development workflow. Work to improve the accuracy and coverage of these tools.
  • Participate in threat modeling with engineers and product teams.
  • Provide consultation to engineering teams on technical security decisions including architecture, design, code, testing strategy, and triage of security bugs.
  • Provide training to engineering on relevant security topics including facilitation of capture the flag events and/or monthly training lunch and learns.
  • Participate in on-call rotation and respond to security-related incidents.

The Team: 

We believe strongly in metrics, testing, continuous integration, and working fluidly and harmoniously with our engineering and product teams. We take security very, very seriously.

Come As You Are:

We recognize the dire lack of diversity in our industry, and we’re not okay with it. We actively seek to address it with our hiring and retention practices, as well as our office culture. Our culture isn’t something employees join, it’s something they build and shape. We believe that every person and their lived experience is integral to building a work environment, and a product that will change the world. If you’re on the fence about whether you’re a fit, we say go for it, and apply!

Why Simple’s a Great Place to Work:

  • Competitive salary and inclusive benefits package, including 4-months of 100% paid parental leave, additional PTO for volunteer & advocacy days, and affordable health insurance for partners & families.
  • A supportive and nurturing place to work. We know good ideas come from everywhere, so we work to ensure every person feels psychologically safe to take risks and think outside of the box here. Our dog-friendly space provides a wellness room, adjustable desks & ergonomic chairs, monthly on-site acupuncture & massages, all gender restrooms, and dietary & allergy conscious catering.
  • Ample opportunity to connect with your coworkers through company-funded Employee Resource Groups & Simple community events.
  • We’re committed to hiring quality human beings. Simple is a place where others will watch out for you and help you learn. We like and respect one another.
  • We believe that financial confidence belongs to everyone – and we will work to remove every barrier along the way. We sweat the small stuff, and build with intention.

Simple

Like a bank, but Simple.

Technology we use

Python
Java
SQL
Ruby
Scala
PostgreSQL
React
AWS
Git
Jenkins
JIRA
GraphQL