Senior Application Security Engineer

New York City, United States (Hybrid)

Applications have closed

CLEAR

We are looking for a Senior Application Security Engineer to join our growing team! As a Senior Application Security Engineer, you will have the opportunity to take your penetration testing and overall application security testing to the next level! Our team performs everything from biometric and Web security testing to remediation, as well as creating automated security products, enabling stakeholders across CLEAR to deliver secure software.

What You Will Do:

  • Partner with the company’s Product, Software Engineering, DevOps, and IT teams.
  • Perform security risk assessments, manual penetration testing, automated security testing, and threat modeling, and develop and conduct education on secure coding.
  • Deliver security products and consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CLEAR’s next generation CI/CD pipelines.
  • Lead internal and external penetration tests across CLEAR’s most critical assets, as well as triage issues with internal stakeholders for remediation.
  • Develop functional and non-functional security requirements, including delivering secure applications and services, that strike a balance with product usability.
  • Foster and enable a secure-by-default culture.

Who You Are:

  • Minimum of 3 years of experience in software development and implementing security into SDLC processes.
  • Minimum of 5 years of experience. Minimum of 2 years of relevant architecture experience with expert-level knowledge of application systems design and integration.
  • Comprehensive knowledge, experience, & understanding of testing for the OWASP Top 10 or CWE Top 25, including PoCs, automating attacks, and secure code remediation.
  • Excellent interpersonal communication skills. Can explain very technical topics to all audiences and break down vulnerabilities to both developers and leadership.
  • Personal passion for security and cutting-edge security concepts.
  • Required Skills:
    • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
    • Experience with evaluating, deploying, and managing application security tools (e.g. DAST, SAST, IAST, RASP, WAF) and building strong vendor relationships.
    • Previous web application security testing or Incident Response (IR) experience, including presenting and documenting vulnerabilities, findings or incidents.
    • Experience with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud).
    • Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks to business leaders.
    • Familiarity with one or more industry standards and regulations such as PCI, NIST 800-53, FedRAMP and ISO 27001.
  • Desirable Skills:
    • Strong programming and scripting experience in Python, BASH, Go, Java, JavaScript or similar.
    • Experience using security testing tools such as Burp Suite, Metasploit, OWASP ZAP, nmap, Frida, etc.
    • Participates in CTFs or actively contributes to the security community (e.g. exploitation development, maintaining/publishing security tools, blogging).
    • Experience with mobile platform-specific security, privacy, and permission concepts for iOS & Android mobile platforms as well as mobile technologies such as WebViews, TouchID/FaceID API, etc.
    • Bachelor's degree or higher in Security, Computer Science, Networking, or similar.

How You'll be Rewarded:

At CLEAR we help YOU move forward - because when you’re at your best, we’re at our best. You’ll work with talented team members who are motivated by our mission of making experiences safer and easier. Our hybrid work environment provides flexibility. In our offices, you’ll enjoy benefits like meals and snacks. We invest in your well-being and learning & development with our stipend and reimbursement programs. 

We offer holistic total rewards, including comprehensive healthcare plans, family building benefits (fertility and adoption/surrogacy support), flexible time off, free OneMedical memberships for you and your dependents, and a 401(k) retirement plan with employer match. The base salary range for this role is $180,000-210,000, depending on levels of skills and experience.

The base salary range represents the low and high end of CLEAR’s salary range for this position. Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience and performance. The range listed is just one component of CLEAR’s total compensation package for employees and other rewards may include annual bonuses, commission, Restricted Stock Units

About CLEAR

Have you ever had that green-light feeling? When you hit every green light and the day just feels like magic. CLEAR's mission is to create frictionless experiences where every day has that feeling. With 13+ million passionate members and hundreds of partners around the world, CLEAR’s identity platform is transforming the way people live, work, and travel. Whether it’s at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - unlocking easier, more secure, and more seamless experiences - making them all feel like magic.

 

Tags: Android APIs Application security Azure Bash Burp Suite CI/CD Cloud Computer Science DAST DevOps FedRAMP GCP IAST Incident response iOS ISO 27001 Java JavaScript Metasploit NIST NIST 800-53 Nmap OWASP POCs Privacy Python Risk assessment SAST Scripting SDLC Vulnerabilities

Perks/benefits: 401(k) matching Career development Fertility benefits Flex vacation Snacks / Drinks

Region: North America
Country: United States