Application Security Engineer

Job Description

Snapdocs is an early-stage, rapidly growing company backed by investors like Sequoia Capital, SV Angel, YCombinator & F-Prime that is looking for Application Security Engineer (AppSec) to implement application security testing tools to secure our platform as we scale. If you are interested in being one of the early members of a security team that is owning an industry into the future, then we have your next position here at Snapdocs. Today we are a small team tackling the absolutely massive mortgage market. Snapdocs is focused on perfecting the real estate closing process by bringing modern, elegant software to a field that still relies on fax machines and manila envelopes. Our platform provides security, efficiency, and happiness to a paper-based pillar of the US economy through integration and automation. We rely heavily on domain expertise, product design, and data to ensure that we build reusable patterns that can work for different types of mortgage professionals. Reporting directly to the Manager of Application Security, as an Application Security Engineer (AppSec) you are responsible for providing security guidance in web application software design and development; identifying, analyzing, communicating, and owning the remediation of product risks; and building automation that supports these goals. The Appsec Engineer owns all penetration testing, DAST, SAST, tracks identified vulnerabilities & provides resolutions. Working across Product, Engineering, QA, etc. The AppSec Engineer reviews product requirements and performs risk assessments on planned application changes. This role requires a highly collaborative approach paired with excellent communication skills to balance trade-offs, push back, and perform negotiation to get things done. In addition to the day-to-day security testing, the Appsec Engineer plays a critical role in incident response and participates in an on-call rotation. This is where you come in... Over the past years, you have developed a broad range of security-related skills, gained exposure to diverse application security frameworks, web application vulnerabilities, software security architecture, security threat modeling, software security testing tools, and methodologies while preferably have SaaS product security experience. You come from a software engineering educational background or have relevant experience. A strong background in cybersecurity and have done SANS training, or have certifications such as CSSP, AWS Certified Security Specialist, GWAPT, GPEN, GSEC. Hands-on experience working with Amazon Web Services (AWS), Ruby on Rails or Go programming, or any programming/ scripting language. You keep up to date with web application security concepts (OWASP top 10 for example), AWS security best practices, have a working knowledge of securing containerized, serverless environments: EKS, Kubernetes, Docker. You have 2+ years of web application security experience -- you have spent time participating in bug bounty, ethical hacking, or contributing to other security-related research activities. You are highly collaborative to bridge the gaps between Engineering, Product, Security, and the rest of the business to create a secure and stable network. You can balance between builder & breaker. Curiosity, patience, proactiveness & a learners mindset are at the core of your approach to reducing the threat landscape. Snapdocs strongly values diversity and drive. We want to work with people of different backgrounds and different paths in life, and we trust our team to make smart decisions. This means we value independent work as well as collaboration. We provide excellent benefits (listed below) and are located in both San Francisco and Denver! Our benefits include (but are not limited to): 21 days of vacation Company subsidized health, dental, vision insurance Flexible spending account for healthcare and dependent care 401(k) with up to 4% company match - Life and disability insurance Commuter benefits Snapdocs is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know. Apply for this job