Application Security Lead

Our Mission

SPAN develops products that accelerate the rapid adoption of renewable energy in the home. The flagship SPAN Smart Panel is the first true evolution for the traditional home electric panel, harnessing enhanced technology for metering, monitoring, and control. An expanded product suite of intelligent, integrated solutions radically lowers the cost and complexity of energy upgrades–including solar, batteries and EVs–empowering homeowners to be active, resilient and informed players in the energy market. 

The Role

We are looking for a hands-on individual with a white hat hacker mindset to join us in an Application Security Lead Role as part of the Security & IT team at SPAN. You will be responsible for building out SPAN’s application security program and architecting, developing and deploying application security tools and technologies to protect SPAN's platform and backend infrastructure.

Responsibilities include:

• Develop the secure SDLC process at SPAN and perform static security code analysis (SAST) of SPAN's code base on a regular basis and provide relevant recommendations to SPAN's developers.
• Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production.
• Perform threat modeling on existing and upcoming feature sets in the SPAN applications so that appropriate security controls can be built from the ground up.
• Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow up investigation or remediation.
• Manage the bug bounty program at SPANn and work with the developers for timely remediation of the reported issues.
• Manage external independent Application Security Testing and ensure timely remediation of issues.
• Identify all vulnerabilities originating from third party dependencies and ensure timely remediation.
• Impart ongoing secure code and application security best practices training to developers.

About You 

We are seeking an Application Security Lead who has:

• Bachelors in Computer Science or related field
• 5+ years in a security engineering or operations role
• Strong knowledge of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
• Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
• Experience with developing threat models (STRIDE, DREAD, etc.)
• Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.
• Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must have
• Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
• Experience with Web Application Firewalls (WAF) desired but not a must have
  
  

The U.S. base salary range for this position is $149,000 - $204,000 plus benefits, equity and variable compensation for Sales-related roles. This range represents SPAN’s good faith estimate of competitively-priced salary for the role based on national, real-time industry data from companies of a similar growth stage. This range reflects minimum and maximum new hire salaries for the role across US locations. Within the range, individual pay is determined by location and individual factors including relevant skills, experience and education or training. This range correlates to the relative level of the candidate we believe we need for the role and may require an adjustment for candidates of a different level. 
Your recruiter can share more about the specific salary range for the location this role is based during the hiring process.   

Life at SPAN

SPAN embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. 

Headquartered in San Francisco’s vibrant SoMa neighborhood, we are an eclectic group of creative thinkers who value open communication, teamwork, and a ‘make it happen’ approach to addressing complex challenges. 

We’re hiring talented individuals who are driven by success and are passionate about shaping the future of renewable energy. If that sounds like you, we’d love for you to consider joining the rapidly growing team at SPAN.

The Perks:

⚡ Competitive compensation + equity grants at a well-funded, venture-backed company

⚡ Comprehensive benefits (including medical; dental, vision, life and disability insurance)

⚡ Comfortable, sunny office space located near BART and Caltrain public transit

⚡ Strong focus on teambuilding and company culture (events, meet-ups, clubs)

⚡ Flexible hours and unlimited PTO

Interested in joining our team? Submit an application today and we’ll be in touch with next steps!