Senior Application Security Engineer

Since its inception in 2003, driven by visionary college students transforming online rent payment, Entrata has evolved into a global leader serving property owners, managers, and residents. Honored with prestigious awards like the Utah Business Fast 50, Silicon Slopes Hall of Fame - Software Company - 2022, Women Tech Council Shatter List, our comprehensive software suite spans rent payments, insurance, leasing, maintenance, marketing, and communication tools, reshaping property management worldwide.
Our 2200+ global team members embody intelligence and adaptability, engaging actively from top executives to part-time employees. With offices across Utah, Texas, India, and the Netherlands, Entrata blends startup innovation with established stability, evident in our transparent communication values and executive town halls. Our product isn't just desirable; it's industry essential. At Entrata, we passionately refine living experiences, uphold collective excellence, embrace boldness and resilience, and prioritize diverse perspectives, endeavoring to craft a better world to live in.
As a Senior Application Security Engineer at Entrata, you will play a pivotal role in defining and implementing advanced security measures to protect our software applications and client data. The ideal candidate will bring extensive experience in Static and Dynamic Application Security Testing(DAST/SAST) methodologies and a track record of providing strategic leadership in application security.

Responsibilities will include:

• SAST (Static Application Security Testing): Implement SAST tooling into our CI/CD pipeline to identify and prevent vulnerabilities in code before they reach our product.
• DAST (Dynamic Application Security Testing): Perform manual and automated security assessments against our application. Implement robust automated scanning tooling across our web and mobile applications.
• Secure Coding Education: Develop secure code recommendations and guidelines for the organization to follow during the SDLC. Regularly educate the organization on these principles.
• Threat Modeling: Drive the development and maintenance of comprehensive threat models for Entrata's applications. Regularly perform threat models for critical components.
• Vulnerability Management: Lead and guide development teams in implementing effective remediation strategies for identified vulnerabilities.
• Secure Architecture Recommendations: Provide strategic direction and oversight in integrating security measures into the software architecture. Review and provide security recommendations for key software architecture decisions.

Minimum Qualifications:

• Bachelor's or Master’s degree in Computer Science, Information Security, or a related field.
• 6+ years of experience in a Security-related field for a Master’s degree, 8+ years for a Bachelor’s. At least 4 years of experience in an Application Security role.
• Deep knowledge of web application frameworks and technologies.
• Strong understanding of cloud security principles
• Experience managing SAST tooling in a DevSecOps role
• Experience pen testing web applications, and experience with automated DAST tooling
• Strong interest in information security, particularly in software security
• Strong understanding of computer science and software development lifecycles
• Basic understanding of security frameworks and standards (e.g., ISO 27001, CIS AWS Foundations).
• Excellent problem-solving skills and attention to detail.
• Strong communication skills and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders
• Proven ability to lead and collaborate in a team-oriented environment. Experience in mentoring and guiding junior team members.
• Relevant certification, such as CompTIA Sec+

Preferred Qualifications:

• Dedicated software engineering experience developing SaaS applications
• Experience with cloud security tools and technologies
• Familiarity with PHP and NodeJS
• Familiarity with scripting and automation for security tasks (e.g., Python, PowerShell).
• Understanding of threat detection and incident response processes.
• Awareness of cloud compliance and audit procedures.
• Familiarity with security tooling such as Wiz, Splunk, or other open source equivalents
• Advance certifications, such as CISSP, CCSP, CFI, CEH, OSCP, or others

Members of the Entrata team aren’t just intelligent and ambitious, they’re the living embodiment of another core Value: “Teamwork and Collaboration.” Entrata is dedicated to creating a workplace where a diverse and inclusive team thrives in an environment free from discrimination. We provide equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, protected veteran status, or any other applicable characteristics protected by law.

It’s a great place to work! Will you join us?