about 2 months ago
Base Salary
$205k - $275k/yr
Responsibilities
- Perform secure code reviews, threat modeling, and security design reviews for new features and services.
- Automate security tooling like SAST, DAST, and secret scanning across CI/CD pipelines using AI.
- Triage and validate vulnerability findings from automated tools and penetration tests.
- Collaborate with engineering teams to fix security issues and educate developers on best practices.
- Support third-party penetration tests and manage the follow-through on results.
- Contribute to developer security guides and training based on the actual codebase.
- Maintain and improve vulnerability management workflows using AI.
- Assist with compliance work related to HIPAA and SOC 2.
Requirements
- 5+ years of experience in application security.
- Proficient in at least one modern programming language (Python, Go, Java, TypeScript).
- Solid knowledge of common vulnerability classes and their fixes.
- Hands-on experience with threat modeling and secure code review.
- Experience with security tooling in CI/CD pipelines.
- Familiarity with cloud environments (AWS) and container security.
- Understanding of authentication standards and API security concepts.
Benefits
- Flexible paid time off (PTO).
- Expansive health, dental, and vision coverage.
- Employer contributions to Health Savings Accounts (HSA).
- Generous parental leave policy.
- Full employee coverage for life insurance.
- Home office stipend and cell/internet reimbursement.
- Company-paid holidays and 401(k) plan.
