Senior Application Security Engineer

Job Description

We are hiring a Senior Application Security Engineer to contribute to the growth of our security program and partner with our product engineering teams on proactively identifying and addressing security issues in our products. As a member of our distributed security team, you will support and scale our application security practices by improving automation, holistically remediating security issues, and promoting secure-by-default principles.

Security at Greenhouse is critical to our success and for building & maintaining customer trust. From influencing how we write our software, deploy our infrastructure, and make architecture decisions, security is a primary focus.

Who will love this job:

• A security lover, you keep up with the latest security research and love finding security issues in the newest technology across various security fields
• A problem solver, you can tackle complex security problems while still balancing good usability and mitigating security risk
• A doer, you get things done with attention to detail and are motivated to improve on the status quo
• A people-person, you shine when collaborating with others and are eager to contribute across the organization

What you'll do:

• Penetration testing and source code review
• Leverage security tooling to proactively detect security vulnerabilities and promote security awareness to developers
• Design frameworks/controls to promote ‘secure by default’ practices and break apart a monolith application
• Participate in high-level architecture decisions that impact the entire code base as well as new product features
• Voice support for product security by promoting security development standard methodologies and partnering with software engineering as a security domain expert
• Respond to vulnerability reports by figuring out risk and providing practical remediation advice to our product engineering teams and other partners
• Supervise security vulnerabilities and prioritize remediations with teams according to our SLA requirements
• Improve automation around product-focused security detection, vulnerability triaging, patching and many other security processes
• Respond to security incidents related to our products

You should have:

• Experience pen-testing web applications, security architecture and design reviews, and security code reviews
• Deep understanding of web security with a focus on providing practical technical recommendations to engineering teams
• Knowledge industry-standard authentication protocols such SAML SSO and OAuth2
• Proficiency in at least one programming language and be capable of quickly picking up new languages
• Your own unique talents! If you don't met 100% of the qualifications outlined above, tell us why you'd be a great fit for this role in your cover letter

Applicants must be currently eligible to work in Canada.

For purposes of processing or administering your employment relationship, personal information that you provide to the Company may be transferred to and accessed by an affiliate in the United States or elsewhere, or to agents and contractors (such as payroll companies, insurance companies, information technology consultants, etc.) that provide services to the Company.

#LI-MB1