Application Security Engineer
Remote (US or Canada)
Applications have closed
Paper
With personalized tutoring, enrichment programming, and college and career support, Paper’s Educational Support System helps all your students shine in school and beyond. Driven by the mission to democratize education, Paper is the largest provider of educational support, supporting millions of students through partnerships with thousands of school districts. Paper helps deliver true educational equity through their category-leading Educational Support System (ESS) that offers virtual access to 24/7 tutors and essay reviewers. Founded in 2014, Paper philosophically believes that all students should be given the tools and resources to reach their academic potential, independent of socio-economic status, geography, language or other barriers. We are headquartered in Montreal, Quebec with remote employees across the US and Canada. Paper is proud to have been named by GSV as one of the most transformational growth companies in digital learning.
Paper is looking for an Application Security Engineer to join our team. Reporting to the Director of Information Security, the Application Security Engineer is an integral part of Paper’s organization. You will help the Product Engineering team to integrate, manage and monitor Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST). You will ensure that Product Engineering pipelines and code are being tested for security risks, and integrate automation to shift-left with security capabilities, reducing the impact on developers. You will monitor Dev and Production Google Cloud Platform (GCP) environments for configuration risks, and input tickets to remediate key findings. You will bring your technical acumen to bear, to integrate application security capabilities across the organization, and monitor for Key Performance Indicators (KPIs).
Our ideal candidate has extensive technical experience as an application security engineer or Quality Engineer team member, managing security testing tools, building test cases and integrating quality processes to drive best-practice outcomes. From day one, you’ll have an immediate impact on the maturation of our Security program, and will be an important stakeholder across the Product Engineering organization.
Responsibilities:
- Build out the application security strategy for Paper, laying the foundation for how we should protect both applications and platforms that support the delivery of Paper’s products.
- Lead the Bug Bounty program, to monitor, test, and triage potential security bugs within Paper.
- Develop and deliver security training for both developers and Cloud Engineers.
- Integrate and manage Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), along with open-source dependency checking.
- Identify and monitor application security KPIs.
- Identify best practices for automation, and gain assurance that the new and existing code base follows best practices, in accordance with OWASP and NIST standards.
- Monitor the GCP environment and configurations against best practices, and identify security risks that allow for exploits.
- Support and maintain the Secure Software Development Lifecycle (S-SDLC) policy to protect the company’s applications.
- Develop and maintain strong working relationships across Platform Engineering, with various development squads and leadership teams.
- Develop and manage relationships with key security vendors.
Qualifications:
- Bachelor’s degree in technology or computer science
- 3+ years experience in Quality Assurance or Application Security
- Experience with tools such as Snyk, Burp Suite, and open-source tooling to evaluate security risks.
- Experience working within GCP strongly preferred; ability to analyze infrastructure and platform configurations, and propose best practices.
- Demonstrated project management skills
- Excellent verbal and written communication skills
Job perks:
- We’re remote-first…
- …but we still want to meet you, so we’ll fly you in for annual meetups (sometimes more)
- We’re growing fast, and so will your career
- Monthly stipend to support the growth of your home office
- Unlimited access to tutoring and educational support for children of Paper employees
- Benefits, retirement plan (+ match), stock options, and more
About Paper
Paper offers an exciting, dynamic, inclusive work environment putting excellence at the center of everything we do. Our mission is woven into the fabric of our culture, challenging our team to build meaningful and creative solutions.
We thrive when we collaborate with each other, and use integrity and selflessness to align our business decisions with our mission. We approach every challenge with positivity, achieving the outcome we want regardless of what gets in the way. Our tenacity propels our hyper-growth, where trust is key and we all strive to make an impact every day.
We believe that diverse teams build better products. Paper does not and will not discriminate on the basis of race, color, religion, gender, gender orientation, gender expression, age, national origin, disability, marital status, sexual orientation, or military status in any of its activities or operations.
Nobody checks every box, but the Paper team is built by passionate and innovative people who share our mission for democratizing education. If you don’t think you meet all of the requirements above but are still interested in the job, please apply.
PS. Equity is our mission! We make sure to treat all candidates equally: if you are interested, please apply through our job board - our amazing talent team will reach out! Our team isn't able to pass on any calls/emails sent our way - and this makes sure that the candidate experience is smooth and fair to everyone.
Tags: Application security Automation Burp Suite Cloud Computer Science DAST Exploits GCP KPIs NIST OWASP SAST SDLC Security strategy Strategy
Perks/benefits: Career development Equity Home office stipend Team events