Senior Security Engineer, Application Security

Self-driving is a very challenging area. Your ideas and wisdom will promote the progress of this industry. You will be deeply involved in the security improvement and compliance of pony.ai products or services. Our work will focus on product security vulnerability analysis.

You must be a self-starter who thrives in a fast-paced, agile environment – which means wearing many hats, being able to change direction quickly, and showing an eagerness to learn and introduce new technologies as the need arises. Accordingly, you will have more access to security technologies in different areas. It will give you rich experience and different work experience.

What you’ll be doing:

• Perform reviews ranging from architectural design to threat modeling and source code level assessments, providing actionable recommendations to make our products more secure
• Collaborate closely with engineering on security focused code reviews and implementation of security best practices in essential systems
• Write and use tools to help identify application security flaws and provide fixes or work with engineering teams to see issues are remediated
• Be capable or prioritizing security efforts as well as help teams understand prioritization of performing security mitigation work

Requirements

What you must have:

• A broad and practical understanding of security fundamentals and their application
• Extensive experience in the application security space; securing complex interconnected web applications and their architectures using Golang, Python and/or Node.js
• 4+ years of direct experience in information security, ideally with a focus on application security
• A documented history of finding high impact vulnerabilities or participating in the creation of tools to do the same
• A track record of developing projects from design to implementation and maintenance
• Experience using a variety of static and dynamic security tools
• An interest in building creative solutions to challenging security problems with a focus on mentorship and scaling the team’s impact
• Have good communication skills and teamwork skills, Chinese communication skills required.

Bonus Points:

• Contributions to the security community (open source, white papers, talks, etc)
• Doing well at large CTF events
• Experience with static analysis
• Experience fuzzing applications and protocols
• Experience with building automation for security testing
• Experience with embedded security
• Experience with mobile security