Senior Application Security Engineer

Checkr’s mission is to build a fairer future by designing technology to create opportunities for all. We believe all candidates, regardless of who they are, should have a fair chance to work. Established in 2014 and valued at $5B, Checkr is using technology to bring hiring to the next level. Our People Trust Platform uses machine learning to help thousands of companies modernize their background check process and make hiring safer, more efficient, and more inclusive. Some of our customers include Uber, Instacart, Doordash, Netflix, Compass Group, and Adecco.

A career with Checkr is an opportunity to work with some of the best and brightest minds, disrupt an industry for a better future, and give otherwise overlooked candidates access to employment. Checkr has been recognized in Forbes Best Startup Employers and is a top Y Combinator company by valuation.

We are looking for a Sr. Application Security Engineer to join our Security team and help us protect our applications (core API, customer facing dashboard, internal backend services) while empowering Product Engineering teams to move quickly. Given the scale and sensitive nature of the information that Checkr processes, security is core to our mission and you will have a key role in supporting those efforts.

What a typical week may look like at Checkr

• Help facilitate our bug bounty program, triage and drive resolutions
• Coordinate penetration tests and work on resolving security issues identified from it
• Conducting threat modeling, security design and architecture reviews on our new products and features
• Integrating security tools in the CI/CD pipelines aka “shifting security left”
• Educate engineers and business stakeholders about Security best practices
• Implement new application features focused on improving security
• Evaluate new technologies and processes that enhance security capabilities
• Participate in on-call rotation 

What we value in an Application Security Engineer 

• Application security background (3+ years) with a focus on providing practical technical guidance to engineering teams
• Solid understanding of web applications architecture and common vulnerabilities
• Good understanding of Ruby, JavaScript, Go, Python with proficiency in at least one
• Experience in analyzing systems and identifying security problems, threat modeling, code auditing, data security, and design and security reviews.
• Strong verbal and written communication skills along with investigative and analytical problem solving skills
• AWS experience and understanding of how cloud infrastructure works
• Familiarity with intrusion detection, monitoring and logging best practices
• Ability to correctly balance security risk and product advancement 

Brownie Points: 

• Diligence in documentation of vulnerability remediations
• Experience with offensive security
• Knowledge of common compliance frameworks such as ISO/IEC 27001, SOC 2, and NIST

What you get

• A fast-paced and collaborative environment
• Learning and development allowance
• Competitive compensation and opportunity for advancement
• 100% medical, dental, and vision coverage
• Up to 25K reimbursement for fertility, adoption, and parental planning services
• Flexible PTO policy
• Monthly wellness stipend, home office stipend

The base salary for this position will vary based on geography and other factors.  In accordance with Colorado law, the base salary for this role if filled within Colorado is $133,663-$157,250. 

Equal Employment Opportunities at Checkr
Checkr is committed to hiring talented and qualified individuals with diverse backgrounds for all of its tech, non-tech, and leadership roles. Checkr believes that the gathering and celebration of unique backgrounds, qualities, and cultures enriches the workplace.   

Checkr also welcomes the opportunity to consider qualified applicants with prior arrest or conviction records. Checkr’s commitment to diversity extends to hiring talented individuals in spite of a prior criminal history in accordance with local, state, and/or federal laws, including the San Francisco’s Fair Chance Ordinance.

#LI-Remote