Yext - New York, NY

posted 3 months ago

Full-time - Mid Level
New York, NY
Professional, Scientific, and Technical Services

About the position

Yext is seeking a Senior Application Security Engineer to join our Security Office. This role is pivotal in ensuring the security and integrity of our product and software platform. As a technical subject matter expert, you will focus on key areas such as threat modeling, secure code review, penetration testing, and post-deployment security monitoring. Your expertise will empower product and engineering teams to make informed security and privacy decisions through comprehensive reviews, assessments, and offensive security exercises. Additionally, you will play a crucial role in fostering a culture of security awareness and compliance within Yext, working closely with the Application Security leader to drive initiatives that enhance our security posture.

In this position, you will design and implement security practices and standards across our product and application environments. You will be responsible for threat modeling systems and applications, conducting security reviews, and performing detailed penetration tests on both web and mobile infrastructures. Identifying security risks and developing effective mitigation strategies will be a key part of your responsibilities. You will also develop tooling and automation to facilitate continuous testing and increase the coverage of penetration tests and other security assessments. Furthermore, you will provide guidance on secure coding practices based on industry standards such as the OWASP Top 10 and CIS Controls, and contribute to the creation and delivery of security training for internal teams. Your role will also involve assisting in the analysis and response to bug bounty programs, ensuring that Yext maintains a robust security framework.

Responsibilities

  • Design and implement security practices and standards across product and application environments
  • Threat model systems and applications and perform security reviews
  • Perform detailed penetration tests of web and mobile infrastructure
  • Identify security risks and develop mitigation strategies
  • Develop tooling and automation to facilitate continual testing and increase coverage of penetration tests and other security assessments
  • Develop system design and software best practices for engineering teams
  • Provide guidance for secure coding practices and proactive controls based on OWASP Top 10 and CIS Controls
  • Contribute to the creation of security training and delivery to internal teams
  • Assist in the analysis and response to bug bounty programs

Requirements

  • Bachelor's Degree in Information Technology or related field of study
  • 5 - 7 years of relevant work experience in Development or Security Engineering teams
  • Experience in software development, ability to guide and mentor a technical engineering team in coding and scripting best practices
  • Good understanding of modern application security frameworks and offensive security toolkits
  • Self-motivated, energetic team player with excellent interpersonal and organizational skills
  • Strong leadership and negotiation skills with technical groups
  • Experience presenting to development and architecture teams on security recommendations
  • Strong problem-solving, critical thinking and analytical skills

Benefits

  • Medical, dental and vision benefits
  • Life insurance
  • Short-term and long-term disability
  • 401(k) retirement plan
  • Vacation and sick leave
  • Equity (stock) based compensation and/or variable pay programs based on performance relative to goals and targets