Senior Application Security Engineer

Build the world's fastest Identity and Checkout products

Company Mission

Our mission is to make buying online faster, safer and easier for everyone. Fast Login and Fast Checkout enable a one-click sign-in and purchasing experience that makes it easier for people to buy and merchants to sell. The company's products work on any browser, device or platform to deliver a consistent, stress-free purchasing experience. Fast is entirely consumer-focused and invests heavily in its users' privacy and data security. Headquartered in San Francisco with Fast Flex for global employment, we are a privately held company funded by Stripe, Index Ventures, Susa Ventures and other world-class investors.

We are committed to diversity and inclusion, and demonstrate our values through equitable pay, fantastic benefits, and access to all reasonable accommodations.

Summary

We are looking for a hands-on individual with an ethical security mentality (sneaker? red team? tiger?) -to join us in a Senior Application Security Engineer Role. You will assist with the build out of Fast's application security program, and lead the way on architecting, developing and deploying application security tools and technologies to protect the Fast's platform and backend infrastructure. Does this sound like you? We want to talk to you!

Responsibilities

• Develop the secure SDLC process at Fast and perform static security code analysis (SAST) of the Fast code base on a regular basis and provide relevant recommendations to the Fast development team
• Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production
• Perform threat modeling on existing and upcoming featureset in the Fast platform so that appropriate security controls can be built from the ground up
• Review security alerts and reports and work closely with the DevOps team to design workflow
• Manage the bug bounty program at Fast and work with the developers for timely remediation of the reported issues
• Manage external independent Application Security Testing and ensure timely remediation of issues
• Identify and mitigate all vulnerabilities originating from third party dependencies
• Impart ongoing secure code and application security standard methodologies training to developers.

Requirements

• Bachelors in Computer Science or related field, or equivalent experience
• 5+ years in a security engineering or operations role
• Solid understanding of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
• Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
• Experience with developing threat models (STRIDE, DREAD, etc.)
• Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.

Plus

• Experience with automation tools like Ansible, Chef, Puppet, Jenkins
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
• Experience with Web Application Firewalls (WAF)

Benefits of life @ Fast

• Fast Flex allows all of our employees to choose where they want to work: our office (when open), their home or any place else in the world.
• Help eliminate passwords and expand e-commerce worldwide
• Innovative engineering and product culture
• Early stage well-funded company
• Inclusion and diversity as a company priority
• Founders-led company
• Competitive compensation packages
• Comprehensive benefits (including 99% of healthcare cost and 401k matching)
• Additional benefits include home office reimbursements and snack deliveries