Staff Product Security Engineer
Remote job description
Snapdocs is a rapidly growing company backed by investors like Sequoia, Y Combinator, F-Prime and Tiger Global. We're an innovative team taking on the extensive mortgage market, bringing scalable and sophisticated software to a pillar of the US economy that still relies on fax machines and manila envelopes.
We are now looking for a Staff Product Security Engineer who will be responsible for providing security guidance in cloud security and web application software design and development (AppSec); identifying, analyzing, communicating, and owning the remediation of product risks; and building automation that supports these goals.
Reporting directly to the Head of Product Security, you will use a DevSecOps model and partner with embedded Security Champions to review architectures and to remediate security testing findings across the S-SDLC. The Product Security department owns all security tools (IAST, DAST, SAST) and tracks security finding remediation by Engineering using an Application Security Posture Management platform called Armorcode. The Staff Product Security Engineer reviews product requirements and performs risk assessments on planned cloud infrastructure/application changes. This role requires a highly collaborative approach paired with excellent communication skills to balance trade-offs, push back, and negotiate to get things done. This is where you come in...
Over the past years, you have developed a broad range of security-related skills and gained exposure to diverse application security frameworks, web application vulnerabilities, software security architecture, security threat modeling, and software security testing tools and methodologies, preferably with SaaS product security experience. You come from a software engineering educational background or have relevant experience. You have a strong background in cybersecurity and have done SANS training or hold certifications such as AWS Certified Security Specialist, CSSP, GWAPT, GPEN, GSEC. Hands-on experience working with Amazon Web Services (AWS) is a must. Experience with Terraform, Ruby on Rails, or Go programming, or any programming/scripting language, is preferred. You keep up to date with web application security concepts (OWASP Top 10, for example) and AWS security best practices, and have a working knowledge of securing containerized and serverless environments: EKS, Kubernetes, Lambda. You have 2+ years of web application security experience -- you have spent time participating in bug bounty, ethical hacking, or contributing to other security-related research activities. You are highly collaborative and bridge the gaps between Engineering, Product, Security and the rest of the business to create a secure and stable network. You can balance between builder & breaker. Curiosity, patience, proactiveness & a learner's mindset are at the core of your approach to reducing the threat landscape.
Snapdocs strongly values diversity and drive. We want to work with people of different backgrounds and different paths in life, and we trust our team to make smart decisions. This means we value independent work as well as collaboration. We provide outstanding benefits (listed below) and while we have hubs in both San Francisco and Denver, we're an extremely remote-friendly company with over a third of our staff outside of those two hubs!
Our benefits include (but are not limited to):
- Excellent health, dental, and vision benefits
- 401(k) with up to 4% company match
- 16 weeks paid parental leave (regardless of gender)
- Flexible time off policy
- Flexible spending account for healthcare and dependent care
- Galileo, Modern Health, Urban Sitter, and Northstar Financial memberships
- Life and disability insurance
- Commuter benefits
- 10 year exercise window on your equity (!!)
Snapdocs is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. If you have a disability or special need that requires accommodation, please let us know.
Company name: SnapDocs
Remote job title: Staff Product Security Engineer
Job tags: Bug Bounty, Serverless, AWS