Application Security Engineer III
Remote, Canada
Mapbox
APIs and SDKs for AI-powered maps, location search, turn-by-turn navigation, and geospatial data in mobile or web apps. Get started for free. Mapbox is the leading real-time location platform for a new generation of location-aware businesses. Mapbox is the only platform that equips organizations with the full set of tools to power the navigation of people, packages, and vehicles everywhere. More than 3.9 million registered developers have chosen Mapbox because of the platform’s flexibility, security, and privacy compliance. Organizations use Mapbox applications, data, SDKs, and APIs to create customized and immersive experiences that delight their customers.
What We Do
Mapbox is looking for a Senior Application Security Engineer to join our Security & Compliance team. As a member of our diverse and globally distributed team, you’ll play an advisory role across the whole company. You will help all Mapbox engineers build secure-by-default systems and triage and mend vulnerabilities on their systems. Engineers on the Security & Compliance team build scanning and threat detection systems to monitor Mapbox’s cloud deployment (AWS-native, mainly container-based, 7 global regions including China) and other digital assets. They conduct risk assessments of new vendor integrations and product launches, and facilitate a bug bounty program that leverages the diverse expertise of a global community of security researchers. Lastly, they build and maintain core standards around security, quality, and privacy—reflected in our compliance certifications—and the automation to monitor and enforce these standards across Mapbox.
What You'll Do
We’re excited to share our passion for scalable, engineering-driven security with you, and for your perspective to help shape our team’s goals. You will be responsible for contributing to, operating, and improving all things related to our security and compliance services. In this role, you can expect to:
- Conduct AWS security reviews (deep dive into our AWS environment to validate that security best practices are being followed).
- Make security improvement recommendations and work with our production support teams to implement security improvements in AWS.
- Partner with the Lead Security Architect in fixing custom-built security tools and bots.
- Conduct in-depth security reviews of application code, working closely with developers to code securely from the outset and address issues early during coding and testing phases.
- Partner with internal product teams to implement a secure-by-default design into their own products.
- Partner with Mapbox engineering teams to understand and resolve security incidents that arise on their services.
What We Believe are Important Traits for This Role
- Bachelor’s or higher degree in Computer Science or similar
- 5+ years of experience in product or application security and related software engineering roles
- Extensive experience with AWS services like API Gateway, CodeBuild, GuardDuty, CloudTrail log review, IAM, Security Groups, CloudFront, VPCs, Inspector, CloudFormation, ECS, Lambda, DynamoDB, S3, Athena, and Glue.
- Strong proficiency in a programming language (e.g. JavaScript, Node.js, or Python), testing practices, and thorough documentation.
- Subject matter expertise in security best practices and the ability to quickly make correct risk assessments that prioritize the overall benefit to the company.
- Experience with SOC, GDPR, and ISO compliance standards is a plus
What We Value
In addition to our core values, which are not unique to this position and are necessary for Mapbox leaders:
- We value high-performing creative individuals who dig into problems and opportunities.
- We believe in individuals being their whole selves at work. We commit to this through supportive health care, parental leave, flexibility for the things that come up in life, and innovating on how we think about supporting our people.
- We emphasize an environment of teaching and learning to equip employees with the tools needed to be successful in their function and the company.
- We strongly believe in the value of growing a diverse team and encourage people of all backgrounds, genders, ethnicities, abilities, and sexual orientations to apply.
Mapbox is an EEO Employer - Minority/Female/Veteran/Disabled/Sexual Orientation/Gender Identity
Tags: API Gateway APIs Application security Automation AWS Cloud CloudFront Compliance Computer Science DynamoDB GDPR IAM JavaScript Lambda Node.js Privacy Python Risk assessment S3 SOC Teaching Threat detection Vulnerabilities
Perks/benefits: Parental leave