Principal Application Security Engineer

About the position

As Binti's first Principal Application Security Engineer, reporting to our VP of Engineering, you will play a critical role in ensuring the security and integrity of our software applications. You will work collaboratively with cross-functional teams to identify and address potential security vulnerabilities, implement best practices, and contribute to the development of secure coding standards.

Responsibilities

• Conduct Security Assessments: Provide holistic assessments of Binti's security stance, including performing regular security reviews, code audits, penetration testing, and threat modeling to maintain the highest standard of application security.
• Set Direction: Help Binti chart a specific course of action to achieve the security stance we desire. This includes scoping and prioritizing work, determining what levels of investment and risk we should take on given our scale and capacity, and building relationships across teams to effectively communicate and advocate for these goals.
• Respond To Incidents: Respond promptly to security incidents, collaborate with engineers on-call, and provide detailed post-event analyses. Evaluate the applicability of emergent security concerns through risk rating and assessment (such as OWASP).
• Improve Security Architecture: Work with engineering to identify, design, and implement technologies to enhance security automation, both for the software development lifecycle and cloud hosting environments.
• Set Security Standards: Lead efforts to design and implement secure coding standards and best practices across the development lifecycle, including automating processes as makes sense to ensure comprehensive coverage.
• Share Expertise: Stay up to date on the latest security threats, vulnerabilities, and industry best practices, and ensure the integration of this knowledge into Binti's security strategies. Act as our company's expert on application security matters, providing mentorship to development teams and fostering a scalable, security-aware culture.

Requirements

• Proven experience as an Application Security Engineer or in a similar role.
• Strong technical background with experience in full-stack development, cloud computing, and scalable architecture.
• Proficiency in one or more OOP coding languages (Ruby, Python, Java, etc) is strongly preferred.
• Strong understanding and knowledge of web application security principles, common vulnerabilities, and best practices.
• Excellent communication skills with the ability to simply convey complex security concepts to non-technical stakeholders and clearly articulate the relative risks and trade-offs.
• Experience cultivating a security-aware development culture that scales through mentorship and automation.
• A genuine interest in leveraging technology to address social challenges, with a strong sense of purpose in improving outcomes for children in need.

Nice-to-haves

• Prior experience with GovTech or FedRamp.

Benefits

• An above-market compensation package (salary + equity)
• Excellent medical, dental, vision, and life insurance - 99% of insurance premiums covered for you + your dependents
• Flexible vacation time to promote a healthy work-life blend
• 13 paid holidays; 11 federally observed holidays (including Juneteenth), plus Election Day and the day after Thanksgiving
• 16 weeks of paid parental bonding leave for the arrival of a newborn or newly placed infant
• Sick/mental health time separate from vacation days (accrue up to a cap of 160 hours)
• 4 weeks of sabbatical after 4 years of service at the company
• 401k, Commuter benefits, FSA, and DCSA with administration paid for
• $5,000 annual bonus for employees who volunteer as a CASA (court-appointed special advocates)
• $2,500 annual reimbursement for ongoing learning and development, with opportunities to attend trainings/conferences, on-site speaker series, and lunch and learns
• $300 reimbursement for virtual home office setup
• $50 a month remote work stipend to cover internet, electricity, home office setup costs or lunch/snacks with coworkers
• Paid jury duty