Protect Our Digital World as an Application Security Expert
We are seeking a skilled security professional to safeguard the integrity of our web and mobile products, collaborating with teams that build high-reliability systems used across our platform.
1. Perform thorough security assessments on applications and provide actionable guidance for remediation.
2. Review designs, code, and upcoming features to identify potential risks early.
3. Contribute to internal tooling, automation, and documentation that streamline security processes.
4. Verify reported vulnerabilities and partner with engineering teams to resolve them effectively.
5. Stay up-to-date with emerging trends in application security and evolving threat techniques.
6. Collaborate closely with product and engineering groups to strengthen our overall security posture.
Key Qualifications:
1. ~3 years of experience in application security or software engineering with a security focus.
2. Experience assessing web or mobile apps and performing vulnerability analysis.
3. Strong understanding of authentication, authorization, data validation, session handling, encryption basics, and secure communication protocols.
4. Familiarity with OWASP Top 10, CWE, and common mobile security concerns.
5. Hands-on experience with tools like SAST, DAST, dependency scanners, or mobile assessment frameworks.
6. Ability to guide developers through remediation and validate fixes.
7. Comfort with at least one major language (Java, JavaScript/TypeScript, Python, Go, Swift, Kotlin).
8. Understanding of secure development practices and CI/CD integration.
9. Working knowledge of API security and cloud fundamentals.
10. Strong communication skills.
Nice to Have:
1. Experience with threat modeling or secure design discussions.
2. Knowledge of OAuth 2.0, OIDC, SAML, or JWT.
3. Background with containers or cloud-native environments.
4. Familiarity with vulnerability management or security automation.
5. Certifications such as OSCP, GWEB, GWAPT, or CSSLP.