Senior Application Security Engineer
Lehi, Utah, United States
Weave HQ
Weave brings together a world-class phone system and a suite of communication tools, so it's easy to automate more tasks, keep schedules full, get paid faster, collect more reviews and much more.
Weave’s Senior Application Security Engineer will partner with all of Weave’s development teams throughout the company to develop, execute, and operate a scalable and effective secure development lifecycle.
- This position will be remote
- Reports to: Head of Security
What You Will Own
- Collaborating closely with product and development team members during the software development lifecycle to identify security risks.
- Acutely identifying vulnerabilities introduced during product development.
- Deploying, tuning, triaging, and reviewing output produced by static code analysis tools, dependency code scanning tools, dynamic code scanning tools, and other application security tools.
- Shepherding the inclusion and operation of such tools in CI/CD pipelines.
- Holding team members accountable to timelines for mitigating identified application security risks.
- Facilitating thorough application security reviews and threat modeling exercises.
- Engaging with third party penetration testing organizations to facilitate effective security tests against Weave and its products.
- Optimizing the application security review process to meet the fast-paced product development at Weave.
- “Spidering” the organization--turning over rocks to identify untreated application security risks.
- Providing training to Weave’s development team members to build confidence in secure development practices.
- Enhancing awareness of good security practices throughout the organization.
- Acting as the resident application security subject matter expert for all team members to engage for advice and guidance.
- Working closely with designers and engineers to deliver secure experiences to our customers.
- Defining measurable outcomes and maintaining focus on those outcomes throughout the execution of the security roadmap.
What You Will Need to Accomplish the Job
- A deep understanding of application security practices, secure code development, and application security tooling.
- 8+ years of experience as a full-time security researcher and/or application security engineer.
- Possess willingness to go “Mr. Robot” on all Weave systems, processes, and organizations to help identify meaningful and exploitable risks.
- Experience assessing the security configuration and hardness of systems, databases, network devices, applications, and processes used within an organization.
- Ability to write code to test vulnerabilities in code produced by and systems operated by Weave.
- Demonstrate strong integrity so as to not compromise the trust of Weave customers.
- Ability to perform security assessments, penetration tests, and other vulnerability scans on Weave systems to identify, assess, prioritize, remediate, and monitor the security of Weave systems.
- Experience working with security operations analysts to help more effectively identify nefarious activity performed by hackers.
- Knowledge of effective threat modeling skills and techniques.
- Knowledge of and experience with setting up, configuring, running, triaging, and tuning static code analysis, dependency code scanning, and dynamic code scanning tools.
- Possess strong understanding of AWS and GCP and core services provided by AWS and GCP.
- Have a strong working knowledge of Linux, Windows, and other common compute technologies.
- Possess understanding of good security practices.
- Demonstrate strong, effective communication skills--both written and verbal.
What Will Make Us Love You
- A strong desire to work at Weave because you are interested in our products, what we are working on, and who you will be working with.
- A track record of achievements in your past roles and companies.
- Demonstrated history of securing SaaS products.
- Ability to remove ambiguity and distill what matters and what doesn’t.
- A sense of humor and ability to have fun while working hard!
Weave is an equal opportunity employer that is committed to diversity and inclusion. We welcome anyone who is hungry to learn, problem-solve and progress regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, veteran status, or other applicable legally protected characteristics.
If you have a disability or special need that requires accommodation, please let us know.
Tags: Application security AWS CI/CD Code analysis GCP Linux Pentesting SaaS SDLC Security assessment Vulnerabilities Vulnerability scans Windows