mmhmm

Application Security Architect

Remote job description

mmhmm is an all-in-one platform for making, watching, and talking on videos. We're on a mission to make video an everyday tool that's accessible to everyone to communicate in the modern workplace.

We believe that making a video should feel as effortless as sending a text message, as quick as a chat, and as human as a coffee break.

Founded in May 2020, mmhmm is a fully distributed, global company that builds products and services to make the Out-of-Office (OOO) work lifestyle possible.

mmhmm is an All Turtles company. All Turtles is a globally distributed product studio that solves meaningful problems.

As an Application Security Architect at mmhmm, you'll ensure that our applications incorporate security best practices in their architecture and design. You'll work as part of our security team, reporting to the Director of Security, and in constant collaboration with our engineering and design teams to provide threat modeling, vulnerability identification and analysis, and recommendations for security enhancements. You'll be a trusted resource for implementing security-by-design in the cloud on new projects, as well as getting existing projects to a solid 'best practices' footing. You'll have the freedom to choose the right tools for each job.

You're the right person for this job if you love to collaborate across teams, take pride in the quality of what you produce, and crave variety in your work.

You'll be responsible for:

  • Owning critical aspects of our security program including our threat modeling, vulnerability management and bug bounty processes.
  • Conducting ongoing dynamic application and static application security testing, constructing and maintaining threat models and performing architecture reviews.
  • Integrating secure software development practices and automation in our day-to-day operations in close collaboration with our engineering teams in support of agile practices.
  • Working with our engineering, product management and customer experience teams to prioritize, design and implement application security controls.
  • Continually evolving application security strategy in response to evolving threats and to enable a great product for our customers.

Ideally, you'll have:

  • Early stage startup experience.
  • Experience with distributed organizations, especially development teams.
  • Deep experience and expertise with web, thick-client and mobile application security penetration testing and tooling.
  • Knowledge of AWS architecture, including IAM, API Gateway, Lambda, S3, RDS and DynamoDB.
  • A track record of making security design decisions in balance with customer needs.
  • Proficiency in a programming language such as Python, with a passion for automation.
  • Excellent communication skills, both spoken and written.

Stretch Qualifications:

  • Experience designing and conducting custom secure development training for software engineers with considerations for language-specific concerns.
  • Experience with AWS security tools such as GuardDuty, Inspector and Macie.
  • Experience performing network layer penetration testing.

This Application Security Architect role is a full-time position reporting to the Director of Security. This role can be based in any location globally, but your closest colleagues will be concentrated in US time zones, and the role requires significant working-hours overlap with US time zones. We offer comprehensive health, dental, and vision insurance to our employees and their dependents, as well as a suite of optional benefits and perks programs including parental leave and flexible PTO.

Our Principles

As a company, we realize that talent is evenly distributed throughout the world, but opportunity is not. We believe that you should work where you can have the best impact, and live where you can have the best life.

Compensation

Compensation is based on a combination of skills, experience, and contribution, not on where employees live or how they have been paid in their past jobs. We have standardized, nationwide compensation levels that are set according to everyone's job. The levels are calculated annually, based on collecting national compensation data, and weighted to be competitive in the most expensive markets for each country.

Distributed Facilities Supplement

We are a fully distributed team, but it is still our responsibility to make sure that employees have a safe, healthy, and productive work environment. We provide each employee with a monthly distributed facilities supplement to spend on whatever they think will give them a healthier and more productive work environment.

Turtle-Crossing Bonus

We believe that in-person time is precious and best spent building, rather than spending, 'relationship capital'. To encourage those moments to take place, we offer a 'Turtle-Crossing' bonus to employees when they meet in person to build and strengthen relationships with one another.

Health and Vacation Programs

We also offer comprehensive health, dental, and vision insurance to our employees and their dependents, where available, as well as parental leave and unlimited vacation (plus an annual vacation bonus).

All Turtles and mmhmm are committed to creating and fostering a diverse team. We encourage people from underrepresented backgrounds and all walks of life to apply. We're committed to providing reasonable accommodations to all applicants throughout the application process.




Summary
Company name: mmhmm
Remote job title: Application Security Architect
Job tags: AWS, automation