Remotery

Staff Application Security Engineer

Posted 1 hour ago

This is a fully remote position, open to applicants in California, +2 more states.

📋 Description

• Integration of Security Development Lifecycle (SDLC): Lead the adoption of security measures throughout the complete software development lifecycle, from design evaluation to deployment.

• Application Security Assessment: Conduct both offensive penetration testing and defensive (Blue Team) evaluations on web applications, internal services, and robot-side software to discover and address vulnerabilities.

• Automation and Tooling: Implement and oversee security tools such as Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), runtime vulnerability assessments, and Software Bill of Materials (SBOM) systems. Utilize tools like JFrog Artifactory, GitHub Advanced Security, Datadog, Wiz, or Snyk for these implementations.

• Code Review and Governance: Establish and enforce security procedures for source code, including essential GitHub security practices and review protocols.

• Vulnerability Management: Oversee the lifecycle of recognized vulnerabilities, prioritizing remediation efforts based on risks to the fleet, proprietary code, and cloud infrastructure.

• Collaboration: Collaborate with development, platform, and infrastructure teams to ensure that security requirements are fulfilled without compromising engineering efficiency.


⛳️ Requirements

• Over 8 years of hands-on experience in Application Security (AppSec) engineering or a comparable Staff-level security position.

• Proven expertise in Application Security engineering with programming proficiency.

• Demonstrated experience in implementing security measures within CI/CD pipelines and source control systems (e.g., GitHub, GitLab).

• Familiarity with penetration testing, vulnerability scanning, and both offensive and defensive security practices (Red Team/Blue Team).

• Proficient in at least one contemporary programming language (e.g., Python, Go, C++).

• Solid understanding of security best practices for cloud-native, microservices, and distributed systems architecture.

• Experience with cloud security platforms such as AWS or GCP.

• Competence in integrating security measures within Kubernetes environments.

• Experience in leading and mentoring security engineers.


🏝️ Benefits

• 401(k) Plan: Features a 6% company match.

• Equity: Company stock options available.

• Insurance Coverage: Full company-paid medical, dental, vision, and short/long-term disability insurance for employees.

• Benefit Start Date: Eligibility for benefits begins on your first day of employment.

• Well-Being Support: Access to an Employee Assistance Program (EAP).

• Time Off:

    • Exempt Employees: Enjoy flexible, unlimited PTO along with 12 company holidays, including a winter shutdown.

    • Non-Exempt Employees: Offered 10 vacation days, paid sick leave, and 12 company holidays, inclusive of a winter shutdown, each year.

• On-Site Perks: Catered lunches four times a week and a selection of healthy snacks and drinks at our Salem and Pittsburgh locations.

• Parental Leave: Generous paid parental leave programs available.

• Work Environment: A culture that promotes flexible work arrangements.

• Growth Opportunities: Professional development and tuition reimbursement programs offered.

• Relocation Assistance: Provided for eligible positions.

• Annual Discretionary Bonus: Offered for qualifying roles.
