Alloy - posted about 2 months ago
$140,000 - $165,000/Yr
Full-time - Mid Level
New York City, NY
Publishing Industries

About the position

Alloy solves the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers. Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how we've been continuously recognized and named one of Inc. Magazine's Best Workplaces, Forbes America's Best Startup Employers, Best Fintech to Work for by American Banker, year after year.

Alloy's security team is supportive, focusing on enabling the engineers to seamlessly deliver high-quality software that adheres to security best practices, instead of being gatekeepers. Security is extremely important at Alloy, so this will be a high-impact role with a lot of scope for growth, leadership opportunities and learning.

Responsibilities

  • Assist in the evolution of our application security functions and services
  • Implement, configure and monitor our security tools to help us detect and respond to new types of threats
  • Improve efficiency and reliability of security tools through scripting and automation
  • Act as a subject matter expert for security solutions
  • Assist junior security engineers with their development
  • Provide guidance and recommendations on application security best practices
  • Maintain knowledge of the latest security trends, threats, and countermeasures
  • Raise awareness about application security within Alloy
  • Foster a culture of security and encourage the adoption of secure practices
  • Work closely with engineering teams to secure their software throughout the entire software lifecycle
  • Ensure that change management processes are adhered to across all platforms
  • Integrate security tools and practices into the CI/CD pipeline
  • Automate security checks and scans to identify and fix vulnerabilities early in the development process
  • Conduct application security assessments and penetration tests to identify vulnerabilities and security issues
  • Provide guidance to developers on secure coding practices
  • Collaborate with infrastructure and development teams to ensure that security measures are effectively implemented in production environments
  • Be a key player in Alloy's vulnerability management program
  • Discover application security issues in our code through penetration testing, source code review, and design review
  • Analyze risk and triage issues based on severity
  • Communicate the issues to relevant teams with clear recommendations on how to fix them
  • Assist with fixing issues as needed
  • Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
  • Report and document security findings and remediation activities
  • Troubleshoot production difficulties and performance constraints with security tooling, controls, and features
  • Participate in Alloy's bug intake and remediation process
  • Stay vigilant and monitor ongoing security threats
  • Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
  • Perform ongoing log analysis and monitoring, and set up alerts to be proactively notified of concerning activity
  • Document security incidents and the extent of the damage caused by the incidents
  • Participate in incident response and handle activities related to application security incidents
  • Work closely with incident response teams to mitigate the impact of a breach
  • Investigate incidents, identify the cause, and implement measures to prevent similar incidents in the future
  • Participate in on-call rotation

Requirements

  • A combination of education, training, and experience
  • A Bachelor's Degree or comparable work experience
  • 2+ years of work experience in Application Security, Information Security, or Compliance
  • Commitment to continuous learning and ability to adapt to changing circumstances
  • Experience with programming languages (such as TypeScript/JavaScript, React, and Python)
  • Familiarity with security frameworks and standards (OWASP Top Ten, ISO 27001)
  • Experience with security tools and technologies (SAST, IDS/IPS, firewalls, WAF, CSPM, SCA, CI/CD, IaC)
  • Experience with database and data storage design
  • Experience working in a cloud-hosted SaaS environment (preferably AWS)
  • Knowledge of public key infrastructure and symmetric and asymmetric encryption
  • Ability to critically evaluate the security of a system and identify potential vulnerabilities
  • Excellent communication skills; able to articulate complex security concepts to developers and other stakeholders
  • Ability to operate well in a project-oriented setting
  • Capacity to manage sensitive and secret information
  • Ability to handle numerous activities at once
  • Well-developed analytical and problem-solving capabilities
  • Ability to work effectively in a team and respect different perspectives

Benefits

  • Unlimited PTO and flexible work policy
  • Medical, dental, vision plans with HSA and FSA options
  • 401k with 100% match up to 4% of annual employee compensation
  • Eligible new parents receive 16 weeks of paid parental leave
  • Home office stipend for new employees
  • Learning & Development annual stipend
  • Well-being benefits include access to OneMedical, Headspace, and more