Weave’s Senior Application Security Engineer will partner with all of Weave’s development teams throughout the company to develop, execute, and operate a scalable and effective secure development lifecycle. 

• This position will be remote

• Reports to: Head of Security

What You Will Own

• Collaborating closely with product and development team members during the software development lifecycle to identify security risks.
• Acutely identifying vulnerabilities introduced during product development.
• Deploying, tuning, triaging, and reviewing output produced by static code analysis tools, dependency code scanning tools, dynamic code scanning tools, and other application security tools.
• Shepherding the inclusion and operation of such tools in CI/CD pipelines.
• Holding team members accountable to timelines for mitigating identified application security risks.
• Facilitating thorough application security reviews and threat modeling exercises.
• Engaging with third party penetration testing organizations to facilitate effective security tests against Weave and its products.
• Optimizing the application security review process to meet the fast-pace product development at Weave.
• “Spidering” the organization--turning over rocks to identify untreated application security risks. 
• Providing training to Weave’s development team members to build confidence in secure development practices.
• Enhancing the awareness in good security practices throughout the organization.
• Acting as the resident application security subject matter expert for all team members to engage for advice and guidance.
• Working closely with designers and engineers to deliver secure experiences to our customers.
• Defining measurable outcomes and maintaining focus on those outcomes throughout the execution of the security roadmap.

What You Will Need to Accomplish the Job

• A deep understanding of application security practices, secure code development, and application security tooling.
• 8 years experience as a full-time security researcher and/or application security engineer.
• Possess willingness to go “Mr. Robot” on all Weave systems, processes, and organizations to help identify meaningful and exploitable risks.
• Experience assessing the security configuration and hardness of systems, databases, network devices, applications, and processes used within an organization.
• Ability to write code to test vulnerabilities in code produced by and systems operated by Weave.
• Demonstrate strong integrity so as to not compromise the trust of Weave customers.
• Ability to perform security assessments, penetration tests, and other vulnerability scans on Weave systems to identify, assess, prioritize, remediate, and monitor the security of Weave systems.
• Experience working with security operations analysts to help more effectively identify nefarious activity performed by hackers.
• Knowledge of effective threat modeling skills and techniques.
• Knowledge of and experience with setting up, configuring, running, triaging, and tuning static code analysis, dependency code scanning, and dynamic code scanning tools. 
• Possess strong understanding of AWS and GCP and core services provided by AWS and GCP.
• Have a strong working knowledge of Linux, Windows, and other common compute technologies.
• Possess understanding of good security practices.
• Demonstrate strong, effective communication skills--both written and verbal.

What Will Make Us Love You

• A strong desire to work at Weave because you are interested in our products, what we are working on, and who you will be working with.
• A track record of achievements in your past roles and companies.
• Demonstrated history of securing SaaS products.
• Ability to remove ambiguity and distill what matters and what doesn’t.
• A sense of humor and ability to have fun while working hard!