Senior Application Security Engineer (Remote)

Job Description

Who We Are

Having surpassed $200M ARR and continuing to grow rapidly, AuditBoard is the leading audit, risk, and compliance platform on the market. More than 40% of the Fortune 500, including 6 of the Fortune 10, leverage our award-winning technology to move their businesses forward with greater clarity and agility. And our customers love us: AuditBoard is top-rated on G2.com and Gartner Peer Insights.


At AuditBoard we inspire each other to innovate and are proud of what we are producing. We spend each day thinking of new ways to help our customers and contribute to the greater good of our company and our surrounding communities. We are all about assisting each other and breaking through barriers to create the audit, risk, and compliance platform most loved by our customers. This is how we have become one of the 500 fastest-growing tech companies in North America for the fourth year in a row as ranked by Deloitte!

Why This Role is Exciting:

AuditBoard is looking for a passionate and experienced Sr. Application Security Engineer who will work alongside product and engineering teams to develop secure and resilient software used by some of the most security-conscious customers on the planet. Supported by the InfoSec team, this position will serve as a security liaison to the AuditBoard engineering team, assisting them with implementing security best practices at every layer of the SDLC, primarily focusing on threat modeling, secure design review, and triage and prioritization of application security vulnerabilities identified by the InfoSec team. This role will also be instrumental in the continued development of secure SDLC practices at AuditBoard.

Responsibilities:

 In this role you will be responsible for:  

  • Working with product and engineering teams to implement security throughout the design and development process. 
  • Proficiency in JavaScript, Node.JS, Ember, Python, Docker, PostgreSQL, and Kubernetes
  • Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team.
  • Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST and DAST. 
  • Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices.
  • Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs. 
  • Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions. 
  • Assisting with Security Compliance activities as required. 
  • Assisting with investigation and response to security incidents and web application attacks as necessary. 

Requirements

  • 5+ years of experience developing or securing web-based applications 
  • Software development experience with modern JavaScript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)
  • Experience with leading threat modeling and secure design reviews
  • Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus. 
  • Excellent organization, time management, and attention to detail 
  • Must be action-oriented and have a proactive and collaborative approach to solving issues
  • Ability to work within an on-call shift rotation

Preferred

  • Experience working on SaaS web applications
  • Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages
  • Experience with building and securing CI/CD pipelines and incorporating supply chain security best practices.
  • Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions
  • Experience coordinating bug bounty and penetration testing engagements
  • Bonus: Docker or Kubernetes experience
  • BS in Computer Science (or equivalent experience)

Perks*
 
  • Launch a career at one of the fastest-growing SaaS companies in North America!
  • Live your best life (LYBL)! $200/mo for anything that enhances your life
  • Remote and hybrid work options, plus lunch in the office
  • Comprehensive employee health coverage (all locations)
  • 401K with match (US) or pension with match (UK)
  • Competitive compensation & bonus program
  • Flexible Vacation (US exempt & CA) or 25 days (UK)
  • Time off for your birthday & volunteering
  • Unlimited access to LinkedIn Learning
  • Employee resource groups
  • Stock options
  • Opportunities for team and company-wide get-togethers!

 

*perks may vary based on eligibility

 
