Glassdoor
Senior Application Security Engineer
Glassdoor, Charlotte, North Carolina, United States, 28245
About the Role
As a Sr Application Security Engineer, you will be improving Glassdoor's application security posture and keeping our platform safe for millions of customers around the world! We are looking for someone who loves to analyze, test and triage application vulnerabilities, manage our public bug bounty program, participate in code and product security reviews, and help our Developers bake security into their day-to-day workflows and CICD. You will partner closely with our Product and Engineering teams, our vendors, and external testers, so solid interpersonal skills are a must. This role is a great opportunity to advance an application security program and drive remediation of security weaknesses with an enterprise-wide impact!
What You'll Do
Be an advocate for application security within the organization
Help develop and maintain a risk-based application security program based on a well-defined application security framework
Enhance and manage Glassdoor’s public bug bounty program, application security tool stack and automated security checks in the CICD pipeline to optimize vulnerability and misconfiguration detection
Find common patterns and themes within application vulnerabilities and work with Engineering teams to address the root causes
Participate in the strategic decisions related to the requirements, design, implementation, and operations of application security framework, processes, and technology
Execute security-focused code, architecture and integration reviews
Coordinate or conduct penetration testing and drive remediation efforts to completion
Keep abreast of the latest security issues and technologies
Own and improve process and procedural documentation
Participate in on-call rotation (nights and weekends) for Security Operations alert response
Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments
What You'll Bring
A commitment to add to our culture of DEI.
5+ years of experience in web application penetration testing or a security-focused application development role is a must
AWS Security, CISSP, CEH, GWEB, GCIH or equivalent certifications are preferred
Deep knowledge of and familiarity with cybersecurity frameworks, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
Deep knowledge of cryptography, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth and JWT, is a must
A relentless desire to (ethically) break into things, together with the ability to communicate attack scenarios and mitigation options in terms of a standard framework, is desired
Ability to read and understand Java, JavaScript, and Python
Ability to automate repetitive tasks using Python or another scripting language is a plus
Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
Compensation and Benefits
Base salary range*: $112,200.00 - $149,000.00
*Glassdoor base salaries are targeted to the market 75th percentile for technical roles and the 65th percentile for non-technical roles. In other words, 65-75% of comparable organizations in our industry will pay less.
Annual Bonus Target**: 10%
**Bonuses are paid in 6-month intervals, aligning with bi-annual performance reviews
Generous Restricted Stock Units (RSU):
***Restricted Stock Units (RSU) are awarded at hire and may be refreshed annually. Additionally, as a pay-for-performance company, RSU grant awards are presented bi-annually to exceptional performers.
You can learn more about our compensation philosophy here and see salary ranges for all Glassdoor jobs here.
Health and Wellness:
100% employer-paid premiums for employee medical, dental, vision, life, short and long-term disability, select well-being programs, along with 80% employer-paid premiums for all dependents.
Generous paid time off programs for birthing and non-birthing parents are provided, along with paid injury/illness leave and paid family emergency leave.
Coverage begins at the start of employment. After 48 months of continuous employment, 100% of all premiums for you and your dependents can be employer-paid!
Work/Life Balance:
Open Paid Time Off policy, in addition to 15-20 paid company holidays/year
Investing in Your Future:
401(k) plan with a company match up to $5,000 per year, subsidized fertility and family planning services, and discounted legal assistance services.