Senior Application Security Engineer

Hello, World! Codecademy has helped tens of millions of learners upgrade their careers, build meaningful projects and gain confidence in their skills with engaging, accessible, and flexible education on programming and data skills. We provide hands-on interactive lessons ranging from Python to R to Javascript and everything in between. Our learners have gone on to start companies, new jobs, and new lives thanks to what they've learned with Codecademy, and we're thrilled to be working to take that impact to the next level.

Codecademy was started in 2011 by two college students in a dorm room at Columbia that were frustrated by the huge gap between education and employment. Almost a decade later, we are a rapidly growing, diverse team of about 200 distributed through North America and headquartered in SoHo, NYC. We've raised over $87.5m in venture capital funding from top investors including Kleiner Perkins, Naspers, Owl Ventures, Union Square Ventures, Y Combinator, and more.

If you want to help build a business that impacts tens of millions of people each year and helps them lead better lives, join us!

The Security & Compliance team helps to improve our security posture as we begin building our security and compliance programs. We will provide subject matter expertise on authentication, authorization, and other security implementations. Also coordinating security operations, including incident response, vendor risk management, asset management, security awareness training, privilege management, monitoring/detection, and other security and compliance processes.

If you're passionate about building out and further maturing our controls, starting with fundamentals like access control, incident response, vulnerability management, asset management, security awareness, and education, this is the team for you.

What you'll do

• Work with Engineers, Product Managers, and Designers at the earliest planning and design phases
• Implement automated security testing across the software development lifecycle
• Conduct penetration tests and security reviews for core applications and APIs
• Collaborate and advise engineering teams on building authentication, authorization, and encryption solutions
• Develop tools to test, monitor, and enforce security across our applications
• Collaborate and advise engineering teams to build authentication, authorization, encryption, and other security implementations
• Coordinate with external security researchers testing our application.

What you'll need

• A minimum of 5 years of application security experience
• Development experience using Python, Go, Ruby on Rail and/or Javascript
• Experience with threat modeling and conducting web application security assessments
• Experience with a variety of security testing methodologies, including fuzzing and source code analysis
• Experience with secure networking best practices
• Knowledge of web application vulnerabilities and attack methods. Including OWASP top 10 and other vulnerabilities.
• Familiarity with containerization technologies
• Passionate about learning new things and excited to share knowledge
• Ability to work closely with Engineers and other stakeholders

What will make you stand out

Extensive development experience