1 day ago
Base Salary
$120k - $180k/yr
Responsibilities
- Own application and cloud security posture across infrastructure and full stack product.
- Run SOC 2 certification efforts and interface with vendors for pen testing.
- Build secure SDLC including threat modeling and security-sensitive code review.
- Lead incident response and vulnerability management efforts.
- Partner with engineering on identity, access, and data handling for sensitive information.
- Own customer security questionnaires and represent Boom in security conversations.
Requirements
- 5+ years in security engineering or application security with hands-on web development experience.
- Track record securing production web apps and cloud environments, preferably AWS.
- Working knowledge of SOC 2 and readiness to own the program.
- Strong grasp of common attack classes and their implications in modern web stacks.
- Experience with backend technologies like Ruby and frontend frameworks like React/Next.js.
- Strong communication skills to explain risks to non-security audiences.
Benefits
- Competitive salary with stock options.
- Full healthcare coverage including 50% for dependents.
- 15 days of Paid Time Off (PTO) plus 3 sick days and all US federal holidays.
- Company-issued laptop/MacBook.
- Company-sponsored training and development.
- Regular off-sites, retreats, and travel opportunities.
Tech Stack
AWS, Next.js, React, Ruby, Terraform, TypeScript
