Threat Stack is a small, high-energy team looking for a Senior Application Security Engineer to jump right in and help us grow.
We are defining the way Cloud Security is done. We are the only cloud-native continuous monitoring solution that gives users instant visibility into their environment, protecting them in real time from insider threats, external attacks, and data loss. Optimized for cloud deployment, our solution allows growth-driven companies to scale confidently without sacrificing speed or efficiency.
As an Application Security Engineer, you’ll work with a team of talented engineers and security professionals to ensure that the Threat Stack Cloud Security Platform® stays secure. Working at a security company, you’ll also be asked to provide product feedback and engage in the building of the product – a unique experience for most in security.
We are interested in talking with senior level engineers to join our security team (typically 7+ years experience, but we prefer quality over quantity). The right candidate will have a background in software engineering and be excited about finding security bugs on a complex platform that receives high velocity releases – hosted on a public cloud, dynamic front ends, complex event processing and storage, integrations with third parties, and our own agent on customer servers that streams data.
Given this variety, it’s unrealistic to expect you to know everything, but we do expect you to pick up new technologies and techniques as our platform and team grow in size and diversity, and to be excited by the prospect of learning and sharing with your peers. This job is as much about building a solid culture of security – focusing on cross team collaboration – as it is about red teaming our production application.
As a Senior, you have strong troubleshooting skills, a deep understanding of how modern, distributed web applications and their threat models are built, and have experience implementing application security detection and prevention on large-scale SaaS platforms. You’ve also worked with developers who have various levels of security knowledge, growing their awareness and mindfulness over time. Strong written, verbal, and interpersonal communication skills are a must, and some of the following are also helpful:
- Black-box penetration testing and code reviews of in-house-built software
- Implemented or participated in a bug bounty program before, either as a vendor or researcher
- Performed architecture and design reviews, both for security and compliance (privacy)
- Familiarity with common web application testing suites (Burp Suite, etc.)
- Natural inclination toward automating tests and processes when appropriate
- Very comfortable on Linux, deeper knowledge is a nice to have
Responsibilities and Projects
At a high level you will be working on:
- Designing, building, and maintaining detection and prevention systems for the production Threat Stack SaaS platform
- Implementing a secure build pipeline that enforces a series of checks on all commits, without interrupting the core tenets of continuous integration/deployment
- Responding to vulnerability disclosures, both in their triage and designing of the resolution, but also in the resolution itself
- Building a training program on secure coding practices for engineering
- Being a member of the Threat Stack CIRT, which is comprised of members of different teams, and responding to the full gamut of internal security issues