Application Security Engineer

New York

Applications have closed

CANDY

Fandom, reimagined. Only at Candy.com


Candy’s mission is to deepen our interaction with experiences that bring us joy. As fans. As collectors. As people creating lives, we’re passionate about living. We know that relationship because we’ve chased it since we were kids. We are unapologetic fans and momentous collectors who see limitless possibilities in the digital revolution that’s disrupting – more like exploding – the way we engage and experience our favorite sports, music, art, and cultural icons.

We know the passion of being a die-hard fan and the need for the experience beyond the bleachers. We’re building a fully immersive storefront where fans can not only buy, sell, and trade their digital assets, but also experience a fully immersive marketplace that gives our users enablement beyond imagination with their digital assets.

Fandom. Reimagined.

OUR INVESTORS:

  • Michael Rubin - Founder & CEO of Fanatics & Philadelphia 76ers co-owner
  • Mike Novogratz - CEO of Galaxy Digital, Pioneer Investor
  • Gary Vaynerchuk - CEO of VaynerMedia, Social Media Entrepreneur

 

SO YOU WANT TO JOIN CANDY?

We are looking for an experienced Application Security Engineer who will be an integral part of the security team, working with application development and infrastructure teams to ensure applications are designed, coded, and implemented in a secure manner that meets the requirements of Candy Security policies and standards. You will drive the improvement of policies, standards, and other supporting documentation. This is a hands-on technical position where you will find yourself collaborating with multiple groups across the organization. The security team is small but mighty, and you will make a direct impact on security as Candy continues to scale. We are always thinking of newer and better ways to tackle hard security problems and we believe in the power of automation.

We are searching for creative minds who are excited to take on immediate challenges while providing a vision for the future. We want builders, innovators, and those who can not only think outside the box but also collaborate within it.




AS OUR MOST VALUABLE PLAYER, YOU WILL...

  • You will be part of an agile team focusing on securing product development at Candy, often in collaboration with engineers and teams across the Candy organization in a project-oriented fashion.
  • You will take on different roles and duties, based on what the matter requires; ranging from consulting and assisting, to hands-on software development.
  • You will design, build and operate distributed security systems at a large scale, as well as educate and influence the Candy engineering community in security-related topics.
  • Manually assess applications for vulnerabilities created by incorrect business logic implementations and other potential vulnerabilities that are not typically identified by automated tools.
  • Evaluate, recommend, and implement application security-related software in an automated continuous integration/deployment environment.
  • Identify, communicate, and drive the resolution of vulnerabilities.
  • Serve as a subject matter authority for application development and infrastructure teams.
  • Your work will cover all parts of securing the software development lifecycle, and it will be tailored to the needs of the organization, always striving to improve the security properties and attributes of our applications and production systems.
  • Work in a high-volume/fast-paced environment.
  • Work cross-functionally across different departments.
  • Create strategies and communicate them effectively in thorough presentations.

 

WHO ARE YOU?

  • Extensive experience in web application security
  • Strong knowledge of application security throughout the SDLC
  • Experience with agile delivery practices
  • Familiarity with enterprise network infrastructure
  • Familiarity with common DMZ architectures
  • Experience integrating security into DevOps practices.
  • Experience using static application security testing tools such as Fortify, Checkmarx, and Veracode.
  • Experience with dynamic testing using tools such as AppScan, WebInspect, Burp Suite, and OWASP ZAP.
  • You are at ease presenting your work and explaining design outcomes.
  • You love sports, blockchain & crypto, and/or collectibles!

 

You’ll Love Working Here Because...

  • Our People. You will be working with the top players who are the most enterprising, fun, encouraging, and innovative heads and teams. Aka, people you can be proud to work with!
  • Our Mission. We believe that we are building something great and that the finest things we create will make the world a better place. Our goal is to deepen our relationship with fans and collectors globally through experiences.
  • Perks. Our team-based culture provides the foundation for people to do their greatest work and constantly learn and grow. We offer a full slate of benefits, including competitive salaries, stock options, health coverage, and unlimited vacation. Given that we’re an early-stage startup, our benefits package continues to evolve as we do. Your ideas and suggestions matter to us! 

 

Our Core Values.

  • Trust. We safeguard the goal. We believe we will only succeed if we earn trust – trust of our people, trust of our customers, trust of our partners. We will aim to achieve and keep faith at all times.
  • Innovation. We dream big. We’re endlessly curious and constantly searching for the best, the better, and the never-before imagined.
  • Excellence. We take big swings. We have high expectations of ourselves in everything we do.
  • Grit. We drive past the finish line until the last second. Giving up is not an option. We will always find a way. 
  • Inclusion. We are team players, and we are in it together. We believe that diverse thinking comes from different thinkers, and we need all perspectives to come together and win.
  • Authenticity. We are the real deal and always authentic in what we create, our dealings with others, and in who we are as human beings. 
  • Accountability. We carry the ball. We hold ourselves to the highest moral and ethical standards. We will be fair and honest and take responsibility for our actions.

Total Compensation Range (Base + Equity): 125k-200k per year

Our compensation package currently breaks down into a base salary and an equity component for all employees. The candidate’s seniority and the evaluations made of that candidate during the interview process determine compensation.

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Agile Application security Automation Blockchain Burp Suite Checkmarx Crypto DevOps OWASP SDLC Veracode Vulnerabilities

Perks/benefits: Competitive pay Equity Health care Startup environment Unlimited paid time off

Region: North America
Country: United States