Application Security Engineer

Driven by the mission to democratize education, Paper is the largest provider of educational support, supporting millions of students through partnerships with thousands of school districts. Paper helps deliver true educational equity through their category leading Educational Support System (ESS) that offers virtual access to 24/7 tutors and essay reviewers. Founded in 2014, Paper philosophically believes that all students should be given the tools and resources to reach their academic potential, independent of socio-economic status, geography, language or other barriers. We are headquartered in Montreal, Quebec with remote employees across the US and Canada. Paper is proud to have been named by GSV as one of the most transformational growth companies in digital learning.

Paper is looking for an Application Security Engineer to join our team. Reporting to the Director of Information Security, the Application Security Engineer is an integral part of Paper’s organization. You will help the Product Engineering team to integrate, manage and monitor Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST).  You will ensure that Product Engineering pipelines and code are being tested for security risks, and integrate automation to shift-left with security capabilities, reducing the impact on developers.  You will monitor Dev and Production  Google Cloud Platform (GCP) environments for configuration risks, and input tickets to remediate key findings. You will bring your technical acumen to bear, to integrate application security capabilities across the organization, and monitor for Key Performance Indicators (KPIs).

Our ideal candidate has extensive technical experience as an application security engineer or Quality Engineer team member, managing security testing tools, building test cases and integrating quality processes to drive best-practice outcomes.  From day one, you’ll have an immediate impact on the maturation of our Security program, and will be an important stakeholder across the Product Engineering organization.

Responsibilities:

• Build out the application security strategy for Paper, laying the foundation for how we should protect both applications and platforms that support the delivery of Papers products.
• Lead the Bug Bounty program, to monitor, test, and triage potential security bugs within Paper.
• Develop and deliver security training for both developers and Cloud Engineers.  
• Integrate and manage Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST), along with open-source dependency checking.
• Identify and monitor application security KPIs.
• Identify best-practices to automate and gain assurances that new and existing code base follows best practices, in accordance with OWASP and NIST standards.
• Monitor the GCP environment and configurations for best-practices, and to identify security risks that allow for exploits.
• Support and maintain the Secure Software Development Lifecycle (S-SDLC) policy to protect the company’s applications.
• Develop and maintain strong working relationships across Platform Engineering, with various development squads and leadership teams.
• Develop and manage relationships with key security vendors.

Qualifications:

• Bachelor’s degree in technology or computer science
• 3+ years experience in Quality Assurance or Application Security
• Experience with tools such as Snyk, Burp Suite, and open-source tooling to evaluate security risks.
• Experience working within GCP strongly preferred; ability to analyze infrastructure and platform configurations, and propose best-practices.
• Demonstrated project management skills
• Excellent verbal and written communication skills

Job perks:

• We’re remote-first…
• …but we still want to meet you, so we’ll fly you in for annual meetups (sometimes more)
• We’re growing fast, and so will your career
• Monthly stipend to support the growth of your home office
• Unlimited access to tutoring and educational support for children of Paper employees
• Benefits, retirement plan (+ match), stock options, and more

About Paper

Paper offers an exciting, dynamic, inclusive work environment putting excellence at the center of everything we do. Our mission is woven into the fabric of our culture, challenging our team to build meaningful and creative solutions. 

We thrive when we collaborate with each other, and use integrity and selflessness to align our business decisions with our mission. We approach every challenge with positivity, achieving the outcome we want regardless of what gets in the way. Our tenacity propels our hyper-growth, where trust is key and we all strive to make an impact every day.

We believe that diverse teams build better products. Paper does not and will not discriminate on the basis of race, color, religion, gender, gender orientation, gender expression, age, national origin, disability, marital status, sexual orientation, or military status in any of its activities or operations.

Nobody checks every box, but the Paper team is built by passionate and innovative people who share our mission for democratizing education. If you don’t think you meet all of the requirements above but are still interested in the job, please apply.

PS. Equity is our mission! We make sure to treat all candidates equally: If you are interested please apply through our job board - our amazing talent team will reach out! Our team isn't able to pass on any calls/ emails our way - and this makes sure that the candidate experience is smooth and fair to everyone.