Senior Application Security Engineer
Remote, Ontario
Applications have closed
Thumbtack
Find local pros, compare prices and book home services in a few simple steps. Thumbtack makes caring for your home easier.
A home is the biggest investment most people make, and yet, it doesn’t come with a manual. That's why we’re building the only app homeowners need to effortlessly manage their homes — knowing what to do, when to do it, and who to hire. With Thumbtack, millions of people care for what matters most, and pros earn billions of dollars through our platform. And as one of the fastest-growing companies in a $600B+ industry — we must be doing something right.
We are driven by a common goal and the deep satisfaction that comes from knowing our work supports local economies, helps small businesses grow, and brings homeowners peace of mind. We’re seeking people who continually put our purpose first: advocating for pros and customers, embracing change, and choosing teamwork every day.
At Thumbtack, we're creating a new era of home care. If making an impact and the chance to do good inspires you, join us. Imagine what we’ll build together.
Thumbtack by the Numbers
- Available nationwide in all 3,143 U.S. counties
- 75 million projects started on Thumbtack
- 4 million customers in the last 12 months
- Pros earn billions on our platform
- More than 9 million 5-star reviews for our stellar pros
- 1000+ employees and $3.2 billion valuation (June, 2021)
About the Security Team
At Thumbtack, application security engineers support the building of products and systems that directly impact our customers and professionals to ensure that we are deploying as secure a product as possible. We believe in tackling these hard problems together as a team, with strong values around collaboration, ownership, and transparency. To read more about the hard problems that our engineering team is taking on, visit our engineering blog.
About the Role
Thumbtack is looking for a Senior Application Security Engineer with a broad range of engineering skills, and specialized knowledge in application security, to lead security initiatives, build safe software, conduct security reviews, and potentially respond to security incidents. The ideal candidate has experience in core and security cloud services, solid Linux fundamentals, scripting, software development with modern object-oriented programming, web development, and is proficient at identifying and mitigating common web application security vulnerabilities.
Challenge
The security landscape changes rapidly with new vulnerabilities and threats emerging all the time. Staying ahead of these, understanding their implications, and applying the appropriate countermeasures is a constant challenge. Embedding security within the development process, while maintaining the speed and efficiency of DevOps, involves ongoing collaboration and communication with development teams.
Responsibilities
- Design, implement and maintain security-oriented software that makes it easier for non-security engineers to build secure products
- Collaborate with many teams and functions across Thumbtack to make technical, design, strategy, and product decisions relating to security
- Act as an internal security subject matter expert, advocating for better security practices throughout the company
- Perform security design reviews and threat modeling on-demand and as needed
- Participate in security incident response
- Grow your career in an engaged and innovative engineering community that ships transformative products and services
- Help evaluate the adoption of open source software and 3rd party integration from a security standpoint
What you’ll need
If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.
- 5+ years experience leading complex, technical, XFN projects (Data Platform or Infrastructure a plus)
- Experience and understanding of application and infrastructure security standards and best practices
- Experience in security hardening in a public cloud environment (AWS, GCP)
- Experience and proven ability in delivering secure products and services in a cloud environment
- Ability to think strategically at the program level, dive in and be hands-on in day-to-day action
- Experience in secure design and authoring security tools and libraries
Bonus points if you have
- Experience with conducting a penetration test, deploying static and dynamic code analyzers, orchestrating threat modeling and rapid risk assessments
- Hold an Offensive Security Certified Professional (OSCP) certification
- Familiarity with security frameworks such as OWASP (including Mobile), NIST CSF, NIST SP 800-x, COBIT, ISO-27001, PCI DSS
- Working experience with the NIST Common Vulnerability Scoring System (CVSS) and threat modeling frameworks such as STRIDE or PASTA
For candidates living in San Francisco / Bay Area, New York City, or Seattle metros, the expected salary range for the role is currently $180,000 - $250,000. Actual offered salaries will vary and will be based on various factors, such as calibrated job level, qualifications, skills, competencies, and proficiency for the role.
Thumbtack is a virtual-first company, meaning you can live and work from any one of our approved locations across the United States, Canada or the Philippines.* Learn more about our virtual-first working model here.
- Virtual-first working model coupled with quarterly in-person events and Camp Thumbtack
- 20+ company-wide holidays including two week-long shutdowns
- Libraries (collaborative workspaces) in San Francisco, Toronto, and Manila
- Stipends for remote work support, home office set-up and Thumbtack services
- Cell phone and WiFi reimbursements
- Subscriptions and Employee Assistance Program for mental health and well-being
Learn More About Us
- Life @ Thumbtack Blog
- How Thumbtack is embracing virtual work
- Follow us on LinkedIn
- Meet the pros who inspire us
Thumbtack embraces diversity. We are proud to be an equal opportunity workplace and do not discriminate on the basis of sex, race, color, age, pregnancy, sexual orientation, gender identity or expression, religion, national origin, ancestry, citizenship, marital status, military or veteran status, genetic information, disability status, or any other characteristic protected by federal, provincial, state, or local law. We also will consider for employment qualified applicants with arrest and conviction records, consistent with applicable law.
Thumbtack is committed to working with and providing reasonable accommodation to individuals with disabilities. If you would like to request a reasonable accommodation for a medical condition or disability during any part of the application process, please contact: recruitingops@thumbtack.com.
If you are a California resident, please review information regarding your rights under California privacy laws contained in Thumbtack’s Privacy policy available at https://www.thumbtack.com/privacy/ .
Tags: Application security AWS Cloud COBIT CVSS DevOps GCP Incident response Linux NIST Offensive security Open Source OSCP OWASP PCI DSS Privacy Risk assessment Scripting Strategy Vulnerabilities
Perks/benefits: Career development Health care Home office stipend Salary bonus Team events Transparency