Application Security Engineer

Podium exists to help local businesses win. Using Podium’s technology, local businesses are able to simplify the way they build their business and modernize the way they communicate with their customers – from collecting payments, facilitating online reviews, launching marketing campaigns, and much more.  

Our work and focus on local business and helping them to build thriving businesses has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000 (#13), and Fast Company’s World’s Most Innovative Companies. For more about our product, watch this video. Podium has a positive, inclusive, and supportive culture and was recently named one of Inc. Magazine’s Best Workplaces for 2021 (4 years in a row). We look for people who are curious, creative and are willing to do the work to be a little better every day. We also embody our company values in all that we do, which always starts with being Customer Obsessed, followed by Be a Founder, Zero Drama, and Enjoy the Ride. 

We are looking for an Application Security Engineer to help protect and architect the solutions that will keep our SaaS products and internal systems secure. Our ideal candidate has a passion for security and is a self-driven individual with a founder mentality. We’re looking for someone who loves to tear applications apart, identify vulnerabilities, and knows how to design a thoroughly hardened solution resilient to attackers. This position will join the Application Security team at Podium; working closely with our engineering team to help secure one of the fastest growing Communication Platforms for local businesses. 

What you will be doing:

• Serve as Security voice to product teams; identifying security gaps before they arise and helping provide remediation recommendations for any issues identified in the platform
• Providing understandable and transparent rationale for security decisions to all stakeholders
• Working with the rest of the AppSec team to maximize product security coverage
• Help to further the Security education amongst the engineers of Podium
• Building new application security measures to impact the platform as a whole
• Conducting Threat Modeling and Risk Assessment exercises for various services across our platform
• Participate in on-call rotation for security alerts and Bug Bounty Program
• Attend an annual security conference (i.e., DEF CON, Blackhat, SAINTCON)
  

What you should have:

• 2+ years of experience securing Web Applications and APIs
• AND/OR 2+ years of Software / Web Development experience
• Experience using security tools such as: Burp Suite, IDA (or another RE tool), Wireshark, Kali Linux suite
• High level software development skills; basic scripting, functional programming experience, familiarity with code repositories and deploy pipelines, etc…
• Familiarity with common web application vulnerabilities, like the OWASP Top 10 and the OWASP API Top 10
• An understanding of microservices oriented architecture and the security pitfalls associated

What we hope you have:

• Experience in any of these core technologies: Elixir, GraphQL, React, and/or Python
• Experience with other SaaS apps, specifically with focuses on VOIP solutions or mobile apps
• Been an active member in the security community (e.g. OSS Contributions, OWASP, conference talks, CTFs, etc.)
• Penetration testing experience

BENEFITS

• Remote first work setting for Engineering & Product
• Great opportunities for career growth
• 401k with a competitive matching contribution plan
• Unlimited Vacation (yes, we want you to have a work-life balance)
• Great medical, dental, vision benefits
• Yearly home office upgrade stipend
• Yearly team building on-site events at HQ in Utah
• Multiple internal hackathons a year
• Life insurance, long and short-term disability coverage
• Paid maternity and paternity leave
• Swag

Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.