Application Security Engineer II

Austin, TX, United States

Applications have closed

Company Description

As the industry leader in compensation management, Payscale is on a mission to help job seekers, employees and businesses get pay right, and make sustainable fair pay a reality. Empowering more than 53 percent of the Fortune 500 in 198 countries, Payscale provides a combination of data-driven insights, best-in-class services, and innovative software to enable organizations such as Angel City Football Club, Perry Ellis International, United Healthcare, Vista, and The Washington Post to make fair and appropriate pay decisions. Pay is powerful. To learn more, visit www.payscale.com  

  • Voted Seattle’s and Boston’s best places to work according to Built In 2022.  

  • Voted one of Seattle’s companies with the best benefits according to Built In 2022. 

Job Description

In this role, you will: 

Payscale is changing the way companies attract and retain top talent through innovative
compensation-based tools and analytics.


Payscale is looking for an Application Security Engineer II to join our Application Security
initiatives. You will play a key role in finding and fixing application security issues along with
helping define a Secure Software Development Lifecycle (SSDLC). The right individual for
this role will be experienced with software development, static and dynamic scanning tools,
and application security. If you thrive by working in a fast-paced environment and securing
applications, consider this opportunity as the next level in your professional development.

PRIMARY RESPONSIBILITIES:

  • Execute various levels of security testing on source code and web applications
  • Automate application scanning and vulnerability assessment processes to support CI/CD releases
  • Validate identified security issues within applications and subsequently recommend fixes
  • Work with Development and QA Teams to reproduce and resolve application security issues
  • Work with Product Team to prioritize application security findings
  • Work with Product Teams to ensure features and functionality conform to security requirements
  • Support internal audit controls related to application security

Qualifications

We’d love to talk with you if: 

  • Bachelor’s degree required
  • 3-5 years of work experience, preferably in a technology-based company (SaaS experience a plus)
  • Experience working with multiple teams including Development, QA, Product, and Security
  • Strong understanding of secure web application design principles and frameworks such as OWASP
  • Understanding of development security concepts such as sanitization, input/output validation, and trusted types
  • Experience with securing application cloud services
  • Experience with WAF and WAF rulesets such as AWS WAF, Azure WAF, or Signal Sciences
  • Experience finding and validating insecure application features and code
  • Experience with SAST and DAST scanning (ex. GitLab, Snyk, Veracode, Netsparker)
  • Experience with application exploitation tools such as Metasploit or Burpsuite
  • Experience with containerization security practices a plus
  • Security certification such as OSCP, GWAPT, or CompTIA PenTest+

 

Additional Information

In the spirit of pay transparency, we are excited to share the base salary range for this position is $90,400 - $147,800, exclusive of fringe benefits or potential bonuses. This position is also eligible for an annual corporate bonus of 10%. If you are hired at Payscale, your final base salary compensation will be determined based on factors such as geographic location, skills, education, and/or experience. In addition to those factors – we believe in the importance of pay equity and consider internal equity of our current team members as a part of any final offer. Please keep in mind that the range mentioned above is the full base salary range for the role. Hiring at the maximum of the range would not be typical in order to allow for future & continued salary growth. We also offer a generous compensation and benefits package (more information on benefits listed below). 

Benefits and Perks   

The Highlights:  

All around awesome culture where together we strive to: 

  • Pursue excellence every day 

  • Create customer value 

  • Compete to win (and lose!) as a team 

An open and inclusive culture where you’ll learn and grow through programs and resources like:  

  • Monthly company all hands meetings 

  • Regular opportunities for executive leadership exposure 

  • Access to top-notch learning courses through LinkedIn Learning 

  • Regular manager check-ins to drive performance and career growth 

  • A growing network of employee resource groups 

  • And more!  

Our more standard benefits *US 

  • A flexible company culture where you’re able to work primarily from your home, with company-provided equipment to set you up for success 

  • Discretionary Paid Time Off, giving you flexibility to rest, relax and recharge away from work. 

  • 15 Paid Company Holidays, including an extended Fourth of July Break, World Mental Health Day, and Juneteenth 

  • A comprehensive benefits plan including medical, dental, life, vision, disability and life insurance covered up to 100% by Payscale 

  • 401(k) retirement program with a fully vested immediate company match 

  • 12 weeks of paid parental leave  

  • Flexible Spending Account options for pre-tax employee allocations 

Our more standard benefits *UK 

  • Pension scheme – Pension scheme with Standard Life. 

  • Life Assurance scheme – Cover in place for 4 x base salary.  

  • Private Medical Insurance scheme – Company funded family cover with Vitality. 

Equal Opportunity Employer:  

We embrace equal employment opportunity. PayScale is committed to a policy of equal employment opportunity for all applicants and employees. It is our policy that employees will not be subjected to unlawful discrimination on the basis of race, color, religion, sex, age, national origin, or ancestry, physical or mental disability, veteran or military status, marital status, sexual orientation, political ideology, and any other basis protected by federal, state, or local laws. This policy applies to all terms and conditions of employment, including but not limited to: recruitment, hiring, transfers, promotions, training, discipline, termination, compensation and benefits, performance appraisals, education, and social and recreational programs. 

 

Tags: Analytics Application security AWS Azure Burp Suite CI/CD Cloud CompTIA DAST GWAPT Metasploit OSCP OWASP SaaS SAST Veracode

Perks/benefits: 401(k) matching Career development Equity Flex hours Flexible spending account Flex vacation Gear Health care Insurance Medical leave Parental leave Salary bonus Startup environment

Region: North America
Country: United States