Senior Application Security Engineer
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• You have 4+ years of experience working in an application security role. • You strongly understand the security best practices for the development lifecycle (SDLC). • You have expert knowledge of web application protocols. • You have deep technical knowledge of Content Security Policies (CSP) and how to implement them. • You have strong experience working with AI and understand the areas to focus on to secure it. • You have expert understanding of application security testing tools like OWASP ZAP and Burpsuite. • Expert understanding of the OWASP Top 10 and other application attacks. • Experience installing and running a local developer environment for local testing of code. • Deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security. • Implemented/managed SAST and DAST tools such as StackHawk and Snyk with more than a year experience in each type of tool. • Familiarity with common security libraries and tools.
Responsibilities
• Create, manage, and maintain the application security strategy and roadmap, tracking OKRs and work efforts over six quarters. • Comfortable and excited to lead the application security domain, including managing and maintaining existing tools, executing domain strategies, and owning all aspects of application security. • Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems. • Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it. • Provide subject matter expertise in the areas of secure coding, application authentication, encryption, AI, and quickly research and become competent in other areas as needed. • Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture. • Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions. • Collaborate with the Developer Experience team to integrate security tools, workflows, and practices into development environments. • Continually research current and emerging security threats and technologies, proposing changes and guidance that are most impactful. • Develop appropriate technical solutions along with the latest security tools that help mitigate security vulnerabilities and also help automate repeatable activities. • Build and provide high-quality application security documentation and training to engineers to set them up for success. • Educate and train Alma engineering on information system security best practices using our security training solution as well as in-person and recorded training. • Mature and execute the Threat Modeling program with engineers. • Implement, manage, and maintain application security tools such as SAST and DAST scanners and own the workflow for remediation of findings. • Assist with creating the reports for management regarding vulnerabilities, training, and other relevant metrics.
Benefits
• We’re a remote-first company • Health insurance plans through Aetna (medical and dental) and MetLife (vision), including FSA and HSA plans • 401K plan (ADP) • Monthly therapy and wellness stipends • Monthly co-working space membership stipend • Monthly work-from-home stipend • Financial wellness benefits through Northstar • Pet discount program through United Pet Care • Financial perks and rewards through BenefitHub • EAP access through Aetna • One-time home office stipend to set up your home office • Comprehensive parental leave plans • 12 paid holidays and 1 Alma Give Back Day • Alma’s compensation philosophy is driven by our company value of building equity. To best ensure pay equity, we typically bring in new hires near the middle of our listed salary bands and we do not negotiate our compensation (i.e. all people hired at the same level & role are brought in at the same salary, equity, and benefits). The recruiter you work with can provide more details on our philosophy. • All Alma jobs are listed on our careers page. We do not use outside applications or automated text messaging in our recruiting process. We will not ask for any sensitive financial or identification information throughout the recruiting process. Any communication during the recruitment process, including interview requests or job offers, will come directly from a recruiting team member with a helloalma.com email address. • Learn more about how Alma handles applicant data by reading Alma's Applicant Privacy Notice.