Job Responsibilities

• Overhaul and take ownership of our AST (Snyk) platform and work with developers to resolve valid findings and reduce false positives.
• Assist with code reviews to proactively identify potential vulnerabilities, and follow-up with tooling to prevent future vulnerabilities.
• Help launch our HackerOne bug bounty program and work directly with participants and various stakeholders to ensure findings are resolved in a timely manner.
• Conduct Threat Modeling and Risk Assessment exercises for various services across our platform.
• Improve upon and further integrate the Secure Development Lifecycle (SDLC) into product design and engineering efforts.

Desired background

• 5 years experience in an application security related or software development roles.
• Demonstrated experienced with identifying and resolving common web application vulnerabilities (Ex: OWASP Top 10 and the OWASP API Top 10)
• Candidate would consider themselves a Burp Suite SME. (or competing toolset)
• Hands on experience with a leading AST SaaS solution (Checkmarx, Snyk, Veracode, etc.)
• Participation in various bug bounty platforms and programs is a plus. (Ex: HackerOne / Bugcrowd)
• Previous experience pen-testing or experience with CTF / Red Blue Teams is a plus.
• High level software development skills; basic scripting, functional programming experience, familiarity with code repositories and deploy pipelines, etc.

Salary: $108,000 - $172,000