Application Security Engineer

Remote - Charlotte, North Carolina, United States

FormAssembly Inc.

Posted 1 month ago

Hello! Are you interested in joining a 100% remote SaaS company dedicated to helping customers streamline organizational processes and be better stewards of their data? Consider applying for open positions at FormAssembly, an enterprise web form creation and collection platform used by some of the largest and most well-known organizations in the world.

We are a team of collaborators that are passionate about providing the very best to our customers, partners, and stakeholders, internally and externally. We are travelers, artists, athletes, and animal lovers creating an incredibly strong, fully remote team and providing amazing results, no matter where we are. We’re problem solvers and continuous learners who are never afraid of a challenge. FormAssembly is growing fast and we are excited to add an Application Security Engineer to our Systems & Infrastructure team.


As an Application Security Engineer, you will:

• Proactively perform technical security assessments against FormAssembly’s web applications and services.

• Work with the Engineering Team to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline.

• Assist in security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed.

• Assist the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities.

• Implement cloud security controls in AWS and help automate security processes when appropriate.

• Perform security monitoring and threat analysis, and lead the incident response process.

• Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls.

• Handle customer-related questions and concerns around application security, vulnerabilities and bugs.

• Assist in security auditing, networking, endpoint, application, and other security areas when needed.


• 3+ years of experience in Application/Product Security, preferably in SaaS

• 3+ years of experience with Cloud Security in AWS preferred

• Strong understanding of web application architecture and design principles

• Worked with a bug bounty program such as HackerOne or Bugcrowd

• Experience with a vulnerability program such as Nessus or Qualys

• Hands-on experience with security technologies such as WAF, FIM, ConMon, SAST/DAST, etc.

• Working familiarity with the common security flaws in the OWASP Top 10 and SANS 25, as well as how to identify and mitigate them

• Experience with manual secure code review in languages such as PHP and JavaScript

• Familiarity with common web application testing tools, such as Burp Suite, ZAP, and Qualys, and the ability to apply that knowledge to practical testing scenarios

• Experience leading incident response plans and working with SIEM tools for threat analysis

• Agile, humble, trustworthy, and a team player

Bonus Points for:

• Knowledge of container security such as Docker and Kubernetes

• Experience working with operating systems and hardening (Linux and macOS)

• Certifications such as CISSP, GSEC, CEH or CISM

About Us:

FormAssembly is a leading enterprise data collection platform, built to help organizations streamline processes and drive quality form conversions. At our core, our mission is to help organizations collect, use, and be good stewards of the personal data entrusted to them.

We work across multiple industries with well-known customers, including Amazon, Aetna, Lenovo, Volvo and others. We have been recognized in the 2018 and 2019 Inc. 5000 lists of fastest growing private companies, and we are a G2 Crowd Winter 2019 Leader.


If you’re a genuinely nice person who is great to work with, respectful, and who will put the team and our customers first, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.

This is a full-time position, open to all locations (working remotely from home).


FormAssembly offers several benefits that help to facilitate a healthy team, personal growth, and a work-life balance, all of which contribute to creating a more engaged and passionate workforce.

  • Health benefits (health, dental, vision) for team members based in the United States
  • 401(k) with 4% company match for team members based in the United States
  • 4 weeks paid vacation and 9 company holidays
  • Flexible work schedule
  • Paid parental leave
  • Charitable contribution match
  • Budget for professional development
  • Company provided Mac laptop

You'll be joining a talented and fun team, working together to build something great!

Job tags: Architecture Auditing AWS Burp Suite CEH CISM CISSP Docker Incident response JavaScript Linux PHP Qualys SaaS SANS Security assessments SIEM Vulnerabilities Vulnerability management Web application testing