Application Security Architect

About Us

Our mission is simple: we want to set people free to do meaningful work. People love our software—and it turns out that people love working here too. We've been recognized as a "Best Company to Work For” and we're proud of our team for creating software that makes an impact in the lives of HR pros and employees all over the world.

Essential Job Duties

We're seeking an Application Security Architect at BambooHR, who will be responsible for designing, implementing, and maintaining security measures to protect our systems, networks, and data from unauthorized access and cyber attacks.  You will work closely with cross-functional teams to assess vulnerabilities, develop robust application security architectures, and provide expert guidance on best practices in the realm of cybersecurity.

You will:

• Collaborate with development teams, architects, and stakeholders to define and implement security requirements and controls for new and existing application features and design.
• Design and implement secure architectures, leveraging AWS services and best practices for secure application development, deployment, and operations.
• Conduct risk assessments, threat modeling, and security reviews for applications and infrastructure.
• Develop and maintain secure coding guidelines and standards aligned with industry best practices.
• Perform security testing, including static and dynamic code analysis and penetration testing.
• Stay up-to-date with emerging security threats, vulnerabilities, and mitigation techniques, and share knowledge with security and engineering teams and the rest of the company.
• Provide security training and mentorship to development and security teams.

What You Need to Get the Job Done

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent experience.
• Minimum of 8 years of experience in application security, including secure software development lifecycle (SDLC) practices.
• Experience with secure coding practices, web application security, and common vulnerabilities (OWASP Top 10, SANS Top 25, etc.).
• Proficiency in security testing tools and techniques (e.g., static and dynamic code analysis, penetration testing, fuzzing, etc.).
• Extensive knowledge of AWS security services (e.g., IAM, VPC, Security Groups, WAF, GuardDuty, Inspector, etc.) and their secure configuration and integration.
• Strong understanding of security frameworks, standards, and compliance requirements (e.g., NIST, ISO, PCI-DSS, GDPR, etc.).
• Excellent communication and collaboration skills, with the ability to work across multiple teams and stakeholders.
• Hands-on experience with programming languages (e.g., PHP, Python, Bash) and code reviews.

What Will Make Us REALLY Love You 

• Certifications in information security (e.g., CISSP, CCSP, CSSLP) are highly desirable.

What You'll Love About Us

• Great Company Culture. We’ve been recognized by multiple organizations like Inc, Salt Lake Tribune, Glassdoor,  & Comparably for our great workplace culture.
• Make an Impact. We care about your individuality by giving you freedom to grow and create within the company, regardless of your position.
• Rest and Relaxation. 4 weeks paid time off, 11 paid holidays, and we pay you to go on vacation (ask us about this)!
• Health Benefits. Medical with HSA and FSA options, dental, and vision.
• Prepare for the Future. 401(k) with a generous company match, access to a personal financial planner, and both legal and life insurance.
• Financial Peace University. We pay for a one year subscription and you walk away with financial savvy and a bonus.
• Give back.  Get paid to give your time to the community: ask us about this!

BambooHR is committed to the full inclusion of all qualified individuals and will ensure that persons with disabilities are provided reasonable accommodations throughout the hiring process.  If you would like to request accommodations, please let your recruiter know.

BambooHR is An Equal Opportunity Employer--M/F/D/V
Because our team members are trusted to handle sensitive information, we require all candidates that receive and accept employment offers to complete a background check before being hired.

For information on California Privacy Policy, click here.