Staff Application Security Engineer

March 28

Assured

WebsiteLinkedInAll Job Openings

Assured is a claims automation insurtech backed by leading Silicon Valley investors.

11 - 50

Description

• Lead Red Team operations and penetration test campaigns, providing expert-level insight into process, procedure, and post-mortem • Develop a clear understanding of vulnerabilities and drive efforts to remediate findings • Lead in developing automated security testing to validate that secure coding best practices are being used • Provide expert guidance and direction for other team members when they encounter challenges in their security reviews • Own documentation and procedures surrounding application security reviews and lead by example for what successful application security reviews look like • Drive initiatives that scale application security and holistically address multiple vulnerabilities • Guide and advise development teams as an SME in the area of application security • Develop, support, and evolve the bug bounty program. Take initiative and drive changes in the bug bounty program • Lead both critical and regular security releases within our applications • Lead application security reviews and threat modeling, including code review and dynamic testing • Scale application security by developing automated security testing or centralized security libraries that scale directly with developers and enable them to easily write secure code • Develop security training and socialize the material with internal development teams. Have significant ownership in and evangelize security training with development teams

Requirements

• Strong expert understanding and experience with common security libraries, security controls, and common security flaws • Strong development or scripting experience and skills. You’re able to significantly and effectively contribute to product security. Typescript, Python, and Terraform are preferred • Strong experience working closely with developers • DevSecOps experience • Familiarity and ability to explain security flaws and ways to address them (e.g. OWASP Top 10) • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics clearly and concisely. Demonstrated expert in documentation • Strong understanding of the Software as a Service (SaaS) model • Expert understanding of internet security issues, application security technologies, cloud architectures, and threat landscape concepts • Experience leading efforts or managing application security teams working in the DevOps model • Hands-on experience architecting, automating, maintaining, and securing Cloud Computing Platforms. AWS experience is a must

Benefits

• Competitive salary and equity packages (75%tile) • Health Care Plan (Platinum Medical, Dental, & Vision) • Life Insurance (No cost to you) • Paid Time Off (Uncapped vacation days & paid holidays) • Family Leave (Maternity, Paternity) • 401(k) contribution (Assured contributes 3% of your income even if you don't contribute) • Health and Dependent Care FSAs (Pre-tax flexible spending accounts for out-of-pocket expenses)