Application Security Engineer
Remote or New York, NY
Posted 6 days ago
With over 10,000 online merchants launching subscriptions and over 1,000,000 subscribers powered by ReCharge, we have a lot of store owners to support. Our mission to make repeat orders easier began five years ago as a bootstrapped startup and today we're at the forefront of recurring billing software with over 175 remote-first employees around the globe processing hundreds of millions of dollars in sales every month.
As an Application Security Engineer reporting into the Engineering department, you will be helping us grow our security program and work closely with all of our internal development teams to ensure best practices. Your ability to keep up to date on all new security challenges and work with our teams to develop protection mechanisms will be key to our long term security success.
Our stack includes: Python, Flask, Redis, Docker, GCP, Terraform, Detectify, Linux, Github, CircleCI.
What You’ll Do
- Live by and champion our values: #ownership, #empathy, #simple-solutions.
- Perform application and workstation security assessments including architecture review, threat modeling, code review and penetration testing.
- Assist and enable engineering teams to adopt secure development practices.
- Implement new technologies to solve ReCharge’s technical challenges as they arise.
- Provide software security advice to cross-functional teams including product, engineering, and support and work with engineering and product teams to drive security issues to resolution.
- Define user/workstation security posture and support enforcement tools.
- Bring your security expertise to grow your skills related to SDLC security activities.
- Develop security guidance including training material, best practices and secure coding checklist.
- Deliver security testing at scale by building and implementing static and dynamic analysis tools.
- Implement security tools and technologies such as penetration testing, vulnerability scanning and reporting.
- Champion good habits within your team; improve engineering standards, tooling, and processes.
- Find and address performance issues throughout the application.
What You’ll Bring
- Typically, 6+ years of relevant experience in fast paced engineering environments
- 3+ years experience performing secure SDLC activities like Threat Modeling, DAST, SAST, OSS and manual pen testing
- Expert understanding of common software and web application security vulnerabilities
- Knowledge of crypto primitives, authentication protocols and authorization standards (e.g. SSL/TLS, SAML, OAuth, JWT tokens)
- Experience with security related to CI/CD workflows preferred and desire to grow in this area
- Experience with tools used throughout secure SDLC (e.g. Burp Suite, AppScan, Fortify, CheckMarx) a plus
- Knowledge of OSS scanning tools like Black Duck, SourceClear, WhiteSource and basic knowledge of network architecture, protocols, and standards
- Ability to work remotely and desire to make an impact at a boot-strapped start-up
- Bachelor’s degree or equivalent experience desired
ReCharge Payments is an equal opportunity employer. In addition to EEO being the law, it is a policy that is fully consistent with our principles. All qualified applicants will receive consideration for employment without regard to status as a protected veteran or a qualified individual with a disability, or other protected status such as race, religion, color, national origin, sex, sexual orientation, gender identity, genetic information, pregnancy or age. ReCharge Payments prohibits any form of workplace harassment.