Application Security Engineer

About Glean

We’re on a mission to bring people the knowledge they need to make a difference in the world. 

Glean was founded by a seasoned team of former Google search and Facebook engineers, who wondered why we don’t have an easier way of finding what we need at work. In our personal lives, we have tools to help us find pretty much whatever we need. Why don’t we have that at work? And that was the beginning of Glean.

Glean searches across all your company’s apps to help you find exactly what you need and discover the things you should know. We’re a diverse team of curious and creative people who want to help each other get big things done—so we can help other teams do the same. 

We're backed by some of the Valley's leading venture capitalists—including Sequoia, Kleiner Perkins, Lightspeed, and General Catalyst—and have assembled a world-class team with senior leadership experience at Google, Slack, Facebook, Dropbox, Rubrik, Uber, Intercom, Pinterest, Palantir, and others.

Role

Glean is looking for an experienced Application Security Engineer who will be responsible for ensuring the security of our applications by testing web applications, browser extension, mobile applications, and developing security test cases. The successful candidate will work closely with the development and operations teams to identify and remediate security vulnerabilities throughout the software development lifecycle. 

What you will do and achieve

• Lead application security reviews and threat modeling, including code review and dynamic testing.
• Lead in development of automated security testing to validate that secure coding best practices are being used.
• Utilize state of the art technologies to do SAST, DAST and fuzz testing and where possible integrate them into CI/CD pipeline
• Create security focussed test cases and implement them in Go/Python or Java
• In future, take initiative and establish our bug bounty program which positions us as the leading authority amongst other programs.

Who you are

• BE/B.Tech in computer science, or related degree
• Minimum of 5 years of experience in application security, or security testing
• Strong knowledge of application security principles, techniques, and tools, including OWASP and CWE 25
• Experience with security testing tools such as Burp Suite, OWASP ZAP, and Nmap
• Excellent communication and interpersonal skills

Key knowledge and skills

• Thrive in a customer-focused, tight-nit and cross-functional environment - being a team player and willing to take on whatever is most impactful for the company is a must
• A proactive and positive attitude to lead, learn, troubleshoot and take ownership of both small tasks and large features
• Good coding skills (for example in Go/Python/Java/C++ etc) with ability to create security test cases and implement them
• Familiarity with cloud native development practices in GCP/AWS/Azure is a plus

We are a diverse bunch of people and we want to continue to attract and retain a diverse range of people into our organization. We're committed to an inclusive and diverse company. We do not discriminate based on gender, ethnicity, sexual orientation, religion, civil or family status, age, disability, or race.