Sr. Application Security Engineer

Weave - Headquarter

Applications have closed

Weave HQ

Weave brings together a world-class phone system and a suite of communication tools, so it's easy to automate more tasks, keep schedules full, get paid faster, collect more reviews and much more.


Weave supports small business owners by providing an all-in-one platform to help them communicate with and grow their customer base. With Weave’s complete business toolbox, small businesses can streamline their communication, payments and marketing - all from one place - and continually provide a phenomenal customer experience.

At the core of Weave’s growth are our people. We are passionate about providing an amazing workplace for talented people who demonstrate our core values: Hungry, Creative, and Caring. In 2019, Weave received several significant awards, including the Fortune 100 Best Companies, Forbes Cloud 100, and Inc. 5000 fastest-growing companies.

Don’t believe us? Check out why our employees, their families, and our 20,000+ customers love Weave - Our Story or head to our Instagram page @workatweave to see what our employees are up to. 

Description

Weave’s security program is built to earn and maintain the trust of Weave’s customers, detect (and gracefully respond to) security incidents, and protect Weave against attacks. Weave is seeking to hire an experienced Senior Application Security Engineer to lead Weave’s application security engineering program, reporting directly to Weave’s Chief Information Security Officer.

Weave’s Senior Application Security Engineer will--in partnership with all of Weave’s development teams throughout the company--develop, execute, and operate a scalable and effective secure development lifecycle. 

The right candidate will have experience building relationships of trust with technical team members, experience deploying, tuning, and reviewing output produced by static code analysis tools, dependency code scanning tools, dynamic code scanning tools, and other application security tools, and performing threat models and application security reviews of the products Weave is developing. They must understand their role in identifying risks, mitigating risks, and protecting the customer experience against threats that might compromise the integrity, availability, and confidentiality of customer data. They must possess a healthy level of urgency towards and passion for employing good security practices in code development.  

Responsibilities include:

  • Collaborating closely with product and development team members during the software development lifecycle to identify security risks.

  • Acutely identifying vulnerabilities introduced during product development.

  • Deploying, tuning, triaging, and reviewing output produced by static code analysis tools, dependency code scanning tools, dynamic code scanning tools, and other application security tools.

  • Shepherding the inclusion and operation of such tools in CI/CD pipelines.

  • Holding team members accountable to timelines for mitigating identified application security risks.

  • Facilitating thorough application security reviews and threat modeling exercises.

  • Engaging with third party penetration testing organizations to facilitate effective security tests against Weave and its products.

  • Optimizing the application security review process to meet the fast-paced product development at Weave.

  • “Spidering” the organization--turning over rocks to identify untreated application security risks. 

  • Providing training to Weave’s development team members to build confidence in secure development practices.

  • Enhancing awareness of good security practices throughout the organization.

  • Acting as the resident application security subject matter expert for all team members to engage for advice and guidance.

  • Working closely with designers and engineers to deliver secure experiences to our customers.

  • Defining measurable outcomes and maintaining focus on those outcomes throughout the execution of the security roadmap.

What we are looking for:

  • A deep understanding of application security practices, secure code development, and application security tooling.

  • The demonstrated capability to carry out the responsibilities described above.

  • A strong desire to work at Weave because you are interested in our products, what we are working on, and who you will be working with.

  • A track record of achievements in your past roles and companies.

  • Demonstrated history of securing SaaS products.

  • Ability to remove ambiguity and distill what matters and what doesn’t.

  • A sense of humor and ability to have fun while working hard! 

Requirements/Qualifications:

  • Have 8+ years of experience as a full-time security researcher and/or application security engineer.

  • Possess willingness to go “Mr. Robot” on all Weave systems, processes, and organizations to help identify meaningful and exploitable risks.

  • Experience assessing the security configuration and hardening of systems, databases, network devices, applications, and processes used within an organization.

  • Ability to write code to test vulnerabilities in code produced by and systems operated by Weave.

  • Demonstrate strong integrity so as to not compromise the trust of Weave customers.

  • Ability to perform security assessments, penetration tests, and other vulnerability scans on Weave systems to identify, assess, prioritize, remediate, and monitor the security of Weave systems.

  • Experience working with security operations analysts to help more effectively identify nefarious activity performed by hackers.

  • Knowledge of effective threat modeling skills and techniques.

  • Knowledge of and experience with setting up, configuring, running, triaging, and tuning static code analysis, dependency code scanning, and dynamic code scanning tools. 

  • Possess strong understanding of AWS and GCP and core services provided by AWS and GCP.

  • Have a strong working knowledge of Linux, Windows, and other common compute technologies.

  • Possess understanding of good security practices.  

  • Demonstrate strong, effective communication skills--both written and verbal.

Benefits

  • Medical, Dental, and Vision

  • 401k

  • Financial Planners 

  • Flexible PTO

  • Family Friendly (Family activities)

  • New office with amenities

  • Free Haircuts (Onsite Salon)

  • Generous maternity/paternity policy

  • Commuter benefits (UTA Pass)

  • Flexible schedules (currently working from home due to Covid-19)

  • Weave’s in-house coaching initiative: Help clarify goals, gain self-awareness, commit to action steps, etc.

  • Career growth opportunities in a hyper-growth company

Tags: Application security AWS CI/CD Cloud Code analysis GCP Linux Pentesting SaaS Security assessment Vulnerabilities Vulnerability scans Windows

Perks/benefits: Career development Flex hours Flex vacation Health care Parental leave Startup environment Team events

Region: Remote/Anywhere