18 day(s) ago

Application Security Engineer

Negotiable Salary


United States
English: Advanced, Upper Intermediate, Native Speaker
Experience: 3+ years
Employment: Full-time

TaxJar

We know sales tax isn't fun for anyone, so we're determined to ease the burden with an exceptional customer experience. To do that, we have to start internally. At TaxJar, we aim to provide the same incredible quality of life for our team members as we do for our customers by creating a professional, unique, and extraordinary place to work.

We’re fast-growing, fully-distributed, talented, driven, and love what we do. We live all across the US, working from our homes, co-working spaces, coffee shops — even a boat! We have many different backgrounds and lifestyles, and everything we do is guided by our core values. We recruit from a varied pool of candidates, as we believe that a diverse team can create better solutions for our customers.

Responsibilities

Proactively perform technical security assessments against TaxJar’s web applications and services
Work with software engineers to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline
Act as a technical leader for security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed
Run the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities
Implement cloud security controls in AWS and help automate security processes when appropriate
Perform security monitoring and threat analysis, and lead the incident response process
Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls

Requirements

4+ years of experience in Application/Product Security, preferably in SaaS
2+ years of experience with Cloud Security in AWS preferred
Strong understanding of web application architecture and design principles
Hands-on knowledge of security technologies such as WAF, File Integrity Monitoring (FIM), SAST/DAST tools, etc.
Working knowledge of common security flaws (such as OWASP Top 10) as well as how to identify and mitigate them
Experience with manual secure code review in languages such as Ruby, Elixir, and JavaScript
Familiarity with common web application testing tools, such as Burp Suite or ZAP, and ability to apply that knowledge to practical testing scenarios
Experience leading incident response plans and working with SIEM tools for threat analysis
Knowledge of container security such as Docker and Kubernetes a plus
Experience working with operating systems and hardening (Linux, OS X, and Windows) a plus
Certifications such as CISSP, GSEC, CEH or CISM a plus
Agile, humble, trustworthy, and a team player

Benefits

Excellent health, vision and dental benefits
Flexible vacation
Company holidays, plus mandatory Birthday holiday
12 weeks paid parental leave for all employees
4 hours volunteer time per month
Biannual all-company in-person summits (paid for by us, of course!)
$250 Home office stipend
401k Plan
Equity in a profitable company
Monthly perks reimbursement ($100 a month to appreciate your teammates, Netflix, Amazon Prime, gym membership, home internet, etc.)
