Application Security Engineer

San Francisco, California

Full Time
Udemy, Inc.

Posted 1 week ago

Senior Application Security Software Engineer

Job Description
As a full-stack software engineer on the Application Security team, you will both write code and use or integrate tools to keep our applications secure. This will include a range of responsibilities from authentication and authorization to compliance and automation. We focus on improving code quality and making work easier for everyone.
 

Key Responsibilities

  • Serve as a Subject Matter Expert (SME) in web application security for projects during development.
  • Provide Application Security consulting and recommendations, ensuring the implementation of approved security requirements.
  • Help improve the quality of our code throughout the whole stack. This will include writing fixes for individual problems as well as authoring “guard rails” which keep engineers from introducing problems in the first place.
  • Contribute to code reviews and design discussions, and develop features and solutions that scale.
  • Share application security knowledge with the members of the wider engineering team through training and internal blogging.
  • Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Application Security.
  • Plan, organize, and complete work within agile sprints. Communicate effectively on progress towards meeting expectations.
  • Use the best software development practices and processes to coach and mentor other engineers to become proficient developers.
  • Contribute to a team culture that values openness, inclusiveness, respect, quality, robustness, scalability, and humility while fostering innovation. 
  • Participate in security incident response when needed.
  • Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof-of-concepts, and pilot installations.
  • Collaborate with product management and other engineering teams to define initiatives and features.
  • Our team runs its own services and is on call for those services 24/7.



Minimum Qualifications

  • Minimum two years of experience with web application technologies including HTTP, HTML, CSS, and JavaScript
  • Minimum one year of experience with modern JS libraries/frameworks (e.g. React, Angular, Vue, etc.).
  • Minimum two years of experience with scripting languages like Python, Ruby, PHP, JavaScript, etc.
  • Deep understanding of each OWASP Top 10 vulnerability
  • Minimum two years of experience in a security role
  • Knowledge of website security, such as headers, cookies, CORS, XSS, etc.
  • Strong understanding of Web authentication technologies such as OAuth and SAML
  • Knowledge of the Software Development Life Cycle (SDLC), both generating policy and the application thereof
  • Understanding of TLS and encryption, down to individual ciphers, and hashes and their correct application
  • Experience with hacking, pentesting, and security tools (e.g. Burp Suite, Kali Linux, Nmap, Ghidra, IDA Pro, John the Ripper, Metasploit)
  • Strong technical communication skills
  • Knowledge of object-oriented software design patterns and computer science fundamentals (e.g. data structures, algorithms) 
  • Understanding of web frameworks and ORMs (for instance, ActiveRecord in Rails)
  • Experience with relational DBs (e.g. MySQL) including the development of complex SQL queries and their security pitfalls
  • Testing methods, including unit and integration tests
  • Knowledge of Linux
  • Knowledge of networking

Nice to have

  • Knowledge of how to use and configure Docker and Kubernetes
  • Contributions to open source projects
  • Swagger/Open API tooling experience
  • Knowledge of using fuzzing in a web context 
  • Experience working with real-time messaging, NoSQL storage, and asynchronous task queues (e.g. Redis, RabbitMQ, Kafka, Celery, or Spark)
  • Understanding of security-related compliance topics such as SOC2, PCI, ISO 27001

About Udemy
We believe anyone can build the life they imagine through online learning. Today, more than 50 million students around the world are advancing their careers and passions by exploring and mastering new skills on Udemy, and expert instructors are able to share their knowledge with the world. Through our global marketplace and our solutions for businesses and governments, we connect people everywhere with the skills they need for success in work and life. We’re a close-knit bunch that enjoys problem-solving and collaboration, and we share a serious belief in the power of learning and teaching to change lives. Udemy’s culture encourages innovation, creativity, passion, and teamwork. We also celebrate our milestones and support each other every day.
Founded in 2010, Udemy is privately owned and headquartered in San Francisco’s SOMA neighborhood with offices in Denver (Colorado), Dublin (Ireland), Ankara (Turkey), Gurugram (India), and São Paulo (Brazil).

Udemy in the News

  • Udemy Raises 50 Million at a 2 Billion Dollar Valuation from Japanese Publisher Benesse
  • Paid Paternity Leave Should be the Norm in the U.S.
  • Breakdown of Most In-Demand Skills for 2020—Finance, Marketing, Sales and Engineering
  • How Investing in Yourself Today Will Set You Up for Career Success Tomorrow
  • Feedback Isn’t the Problem, but the Way That We Deliver It Is Broken

Job tags: Automation Burp Suite Docker Encryption Finance Incident response ISO 27001 JavaScript Kali Linux Metasploit Nmap Open Source PCI PHP Python Ruby TLS