Senior Application Security Engineer

About the Role

As a Sr Application Security Engineer, you will be improving Glassdoor's application security posture and keeping our platform safe for millions of customers around the world! We are looking for someone who loves to analyze, test and triage application vulnerabilities, manage our public bug bounty program, participate in code and product security reviews, and help our Developers bake security into their day-to-day workflows and CICD. You will partner closely with our Product and Engineering teams, our vendors, and external testers, so solid interpersonal skills are a must. This role is a great opportunity to advance an application security program and drive remediation of security weaknesses with an enterprise-wide impact!

What You'll Do

• Be an advocate for application security within the organization
• Help develop and maintain a risk-based application security program based on a well-defined application security framework
• Enhance and manage Glassdoor’s public bug bounty program, application security tool stack and automated security checks in the CICD pipeline to optimize vulnerability and misconfiguration detection
• Find common patterns and themes within application vulnerabilities and work with Engineering teams to address the root causes
• Participates in the strategic decisions related to the requirements, design, implementation, and operations of application security framework, processes, and technology
• Execute security-focused code, architecture and integration reviews
• Coordinate or conduct penetration testing and drive remediation efforts to completion
• Keep abreast of the latest security issues and technologies
• Own and improve process and procedural documentation
• Participate in on-call rotation (nights and weekends) for Security Operations alert response
• Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments

What You'll Bring

• A commitment to add to our culture of DEI.
• 5+ years of experience in web application penetration testing or a security-focused application development role is a must
• AWS Security, CISSP, CEH, GWEB, GCIH or equivalent certifications are preferred
• Deep knowledge and familiarity with Cybersecurity Framework, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
• Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens is a must
• Possess a relentless desire to (ethically) break into things and can communicate the attack scenarios and mitigation options based on standard framework is desired
• Ability to read and understand Java, JavaScript, and Python
• Ability to automate repetitive tasks, using Python or other scripting language, is a plus
• Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
• Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience

Compensation and Benefits

Base salary range*: $112,200.00 - $149,000.00

*Glassdoor base salaries are targeted to the market 75th percentile for technical roles and the 65th percentile for non-technical roles. In other words, 65-75% of comparable organizations in our industry will pay less.

Annual Bonus Target**: 10%

**Bonuses are paid in 6-month intervals, aligning with bi-annual performance reviews

Generous Restricted Stock Units (RSU):

***Restricted Stock Units (RSU) are awarded at hire and may be refreshed annually. Additionally, as a pay-for-performance company, RSU grant awards are presented bi-annually to exceptional performers.

You can learn more about our compensation philosophy here and see salary ranges for all Glassdoor jobs here.

Health and Wellness: 100% employer-paid premiums for employee medical, dental, vision, life, short and long-term disability, select well-being programs, along with 80% employer-paid premiums for all dependents.

• Generous paid time off programs for birthing and non-birthing parents are provided, along with paid injury/illness leave and paid family emergency leave.

Coverage begins at the start of employment. After 48 months of continuous employment, 100% of all premiums for you and your dependents can be employer-paid!

**Work/Life Balance:**Open Paid Time Off policy, in addition to 15-20 paid company holidays/year

Investing in Your Future: 401(k) plan with a company match up to $5,000 per year, subsidized fertility and family planning services, and discounted legal assistance services.