Product Security Engineer

Remote

Applications have closed

Trava

Trava is here to help guide your business through the complex landscape of cybersecurity to ensure you remain compliant and secure.

About Trava: Trava exists to protect small and midsize businesses from the potential damage of cyber threats. By integrating assessment, mitigation, and insurance into one convenient cyber risk management platform, Trava enables business owners and IT professionals to operate secure, productive businesses without fear of interruption or loss caused by cyber incidents.

About this role: Trava is passionate about developing new cybersecurity talent and exposing interested individuals to the wide range of possibilities in the field of cybersecurity. You will have opportunities to leverage your background and technical skills to define standards, develop processes, and implement tools to secure Trava’s software platform. You will also have the opportunity to develop additional capabilities for Trava’s software platform.

Trava is headquartered in Indianapolis, but this position is open to US-based remote candidates.

What we look for in team members: We value people who approach their work with curiosity and passion. As a startup we don't always know all the answers, so being able to deal with ambiguity and uncertainty is important. We look for people who are brave when it comes to trying new things, and we look to everyone on the team to support one another. And finally, we like to have fun. While we take our work seriously, we try not to take ourselves too seriously. We're looking for teammates who appreciate having fun while they work!

Key skills include: software development experience in NodeJS and/or Python, application security, application penetration testing, knowledge of the OWASP Top 10, CI/CD pipelines, APIs and integration.

Reports to: Senior Security Engineer

What You’ll Do:

As a product security engineer, you will have the opportunity to directly contribute to the development and securing of Trava’s application and platform. Responsibilities include but are not limited to:

  • Develop and implement secure software development processes and standards
  • Review, implement, and continuously improve security scans for Trava’s SDLC
  • Triage and work with engineers to remediate vulnerabilities within Trava’s SDLC
  • Research, identify, design, and integrate emerging security scanning technologies into Trava’s application and platform
  • Conduct security scanning and threat modeling on Trava’s web application to identify and remediate vulnerabilities
  • Develop and deliver secure software development training for Trava's engineers
  • Interface with customers and the service delivery team to address questions about the Trava platform

What We’re Looking For:

  • Required:
    • 2+ years of experience with software development and application security
    • Knowledge of OWASP Top 10
    • Knowledge of NodeJS and/or Python
    • Some experience with penetration testing or threat modeling of web applications
    • Some experience with containers and microservices
    • Some experience with DevSecOps and CI/CD
    • Proven problem solver
    • Not afraid to challenge the norms and explore new ideas
    • Good verbal and written communication skills
  • Nice to have: 
    • Knowledge of information security frameworks such as CIS and NIST CSF

Benefits:

  • 401(k) available (no match yet)
  • Healthcare, vision, and dental insurance
  • Flexible PTO + 17 company holidays
  • Monthly tech stipend
  • Work from home or from our Indianapolis office

What Matters to Us:

At Trava:

  • We are obsessed with our customers’ success
  • We are transparent and honest with our customers, our business partners, and each other
  • We advocate for diversity in all its forms
  • We believe that laughter makes us more productive
  • We take care of ourselves and our families so that we can bring our very best to Trava

 

Trava is an equal opportunity employer, and we value diversity at our company. We don’t discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.

Tags: APIs Application security CI/CD DevSecOps Microservices NIST Node.js OWASP Pentesting Product security Python Risk management SDLC Vulnerabilities

Perks/benefits: 401(k) matching Flex vacation Gear Home office stipend Insurance Startup environment

Region: Remote/Anywhere