Senior Application Security Engineer
About Us Our dedicated team and awesome technology are disrupting the customer support space. Our SaaS platform replaces all of the convoluted systems, lines, and contact numbers of standard customer support with a stunningly simple SDK and Smart Actions – fingerprint, verification, real-time sharing (videos, photos, and screenshots) and effortless in-app texting
- plus all data is encrypted, keeping customer data secure. We take the frustration out of customer support and in turn, provide a sleek, secure, and modern smartphone-era experience. Join our team as we revolutionize the customer experience!
Opportunity Reporting to the Director of Engineering; SRE and Application Security, you'll be the first hire as a security engineer in the newly formed application security team. You will enable teams to deliver secure-by-design product features and cloud infrastructure by seamlessly providing cybersecurity expertise and guidance throughout the development lifecycle of technology systems and services.
Where You Can Make An Impact:
Perform threat modeling and application security assessments across all of UJET to identify security gaps in existing codebases and products and provide technical guidance around remediation. Manage the lifecycle of vulnerabilities, from identification to remediation and reporting. Review and evaluate reports from vulnerability scans, penetration testing, and propose remediation measures or controls. Lead the technical incident response by providing engineering support to remediate security issues in production environments. Work with stakeholders across the organization to ensure things are designed with security in mind by mentoring colleagues.
What we are looking for:
5+ years or more years of relevant work experience in cloud-hosted SaaS application security. Extensive penetration testing experience in web applications, mobile applications, networks, and cloud infrastructure. Familiarity with microservice architecture, Jenkins, Docker, Kubernetes, AWS, GCP.In-depth knowledge of secure coding principles and application security vulnerabilities. Experience with programming (Python, Ruby, Go, Java
Script, etc.) and the overall software development life cycle. Experience implementing DevSecOps pipelines and converting manual processes into automated processes.
Nice to Have:
Compliance / Security Audit Experience:
ISO, SOC, PCI, HIPAA, GDPR, CCPAExperience working with deployment tools: Terraform, Helm, etc. Certifications:
GIAC, CISSP, CSSLP, OSCP, CCSP Compliance Responsibilities Security, data protection, and compliance (SDPC) are paramount to the success of our partnerships. All roles at UJET require compliance with legal and regulatory requirements and acceptance and adherence to all policies and standards within UJET. Personnel acknowledge that they are personally responsible for reporting any suspected violations or abuse and are required to complete SDPC training and fulfill role-specific SDPC responsibilities.
In addition to our great team and disruptive technology, we offer our teammates a competitive compensation and benefits package, work/life balance, unlimited vacation, stock options, catered lunches Monday through Thursday, monthly game nights, and more!
UJET is an Equal Opportunity Employer