Application Security Engineer

  • Overview

    Life’s changes create financial needs for people, and the traditional financial system often puts up unnecessary obstacles. People celebrate major milestones like going to college, getting married, and buying a home. And most of the time, these milestones come with financial implications.

    We work on a fast-growing marketplace product in Fintech that has raised multiple rounds of funding and is disrupting the lending market, helping people save money and get out of debt faster.

    We are looking for an Application Security Engineer to spearhead secure-by-design initiatives and deep product partnership. We build strong relationships with other teams and empower them to build secure software. This includes reviewing early-stage designs, developing threat models, and scaling impact by curating security patterns, guidance and training. If you’re a builder who enjoys working with cutting-edge technologies, we’d love to hear from you!

    The role is full-time and compensation will be based on experience. If you've been seeking a product that's worthy of your skills, then read on!

  • Responsibilities

    • Penetration testing: Hunt for security issues within our applications via internal pen tests.
    • Secure by design: Threat model with Engineering Teams. Then, help teams “bake” these threat models into internal Ruby (and JavaScript) libraries.
    • Code reviews: Discover weaknesses in our code before it reaches production.
    • Bug Bounty Program: Help design Credible’s Bug Bounty Program and be involved in submission triage (and remediation).
    • Secure Software Development Lifecycle: Implement automated tooling (e.g. SAST, DAST, IAST) within our SDLC.
    • Software Development: Write Python code to automate various security controls and processes.
    • Security Champions Program: Scale security at Credible by training security-minded developers.
    • Collaboration with the DevOps Team: Pair with members of the DevOps Team to mitigate Application Security risks in Kubernetes (and AWS). (No previous AWS or Kubernetes knowledge required.)

  • We Require

    • Bachelor’s or Master’s degree in Computer Science or related field
    • Willingness to onboard yourself onto a modern tech stack (e.g., GraphQL, microservice auth leveraging AWS Cognito, Kubernetes)
    • 3+ years in an Application Security role
    • 3+ years of development experience
    • Knowledge of Application Security fundamentals (e.g., OWASP Top 10)
    • Knowledge of Application Security risks within containerized and cloud environments
    • English - upper-intermediate or higher level

    Soft skills:

    • Problem-solving skills and the ability to work under pressure
    • Self-starter with strong interpersonal, communication, and collaboration skills
