Application Security Engineer

San Francisco, California

Udemy, Inc. logo
Udemy, Inc.
Apply now Apply later

Overview 
As a full-stack software engineer on the Application Security team, you will be both writing code as well as using or integrating tools to keep our applications secure. This will include a range of responsibilities from authentication and authorization to compliance and automation. We focus on improving code quality and making work easier for everyone.  

Key Responsibilities

  • Work on technical problems that encompass application security, privacy, identity, and authentication
  • Work proactively to eliminate specific and general vulnerabilities  
  • Work reactively to understand the root causes of security vulnerabilities uncovered from ethical hackers, scanning software, and other sources 
  • Work with other teams to eliminate those vulnerabilities
  • Review technical designs and code-review the work of other groups to ensure that security, privacy, authorization, and fraud concerns are adequately managed for proposed and in-flight projects
  • Participate in code reviews and design discussions within the AppSec and as a consultant to other development teams
  • Participate in security incident responses when needed
  • Plan, organize, and complete work within agile sprints using common DevOps guidelines, with a heavy focus on testing, CI/CD, and automated monitoring
  • Our team runs its own services and are on-call for those services 24/7 
  • In practice, paging occurs very rarely, about once a quarter 
  • Contribute to a team culture that values openness, inclusiveness, respect, quality, robustness, scalability, and humility while fostering innovation
  • Share application security knowledge with the members of the wider engineering team through training and internal blogging
  • Use the best software development practices and processes to coach and mentor other engineers, especially with issues around security and fraud
  • Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof-of-concepts, and pilot installations

Minimum Qualifications

  • Minimum two years of experience with web application technologies including HTTP, HTML, CSS, and JavaScript
  • Minimum one year of experience with modern Javascript frameworks (e.g., React, Angular, Vue, etc.).Minimum two years of experience with object-oriented languages, ideally scripting languages like Python, Ruby, or PHP
  • Minimum two years of experience in a security roleGood knowledge of website security, such as headers, cookies, CORS, XSS, etc.
  • Good understanding of web authentication technologies such as OAuth and SAML
  • Good understanding of each OWASP top 10 vulnerability
  • Good understanding of TLS and encryption
  • Experience with hacking, pentesting, and offensive security tools (e.g., Burp Suite, Kali Linux, Nmap, Ghidra, IDA Pro, John the Ripper, Metasploit, Frida)
  • Experience with defensive tools (Any WAF, any SIEM, any security-oriented log analysis)
  • Strong technical communication skills
  • Knowledge of object-oriented software design patterns and computer science fundamentals (e.g. data structures, algorithms) 
  • Testing methods, including unit and end-to-end tests

Nice to haves:

  • A history of ethical hackingUnderstanding of security-related compliance topics such as GDPR, SOX, SOC2, PCI, ISO 27001
  • Understanding of web frameworks and ORMs (for instance, ActiveRecord in Rails)Experience with relational DBs (e.g. MySQL) including the development of complex SQL queries and their security pitfalls
  • Experience with services, Istio or other service mesh architectures, Kubernetes, Docker or other containerization technologies.
  • Experience with Kotlin
  • Contributions to open source projects
#LI-UL1
About UdemyWe believe anyone can build the life they imagine through online learning. Today, millions of students around the world are advancing their careers and passions by exploring and mastering new skills on Udemy, and expert instructors are able to share their knowledge with the world. Through our global marketplace and our solutions for businesses and governments, we connect people everywhere with the skills they need for success in work and life. We’re a close-knit bunch that enjoys problem-solving and collaboration, and we share a serious belief in the power of learning and teaching to change lives. Udemy’s culture encourages innovation, creativity, passion, and teamwork. We also celebrate our milestones and support each other every day.
Founded in 2010, Udemy is privately owned and headquartered in San Francisco’s SOMA neighborhood with offices in Denver (Colorado), Dublin (Ireland), Ankara (Turkey), Gurugram (India), and São Paulo (Brazil).
Udemy in the NewsUdemy Adds More than $1 Billion To Its Valuation in New Funding RoundUdemy’s Workplace Learning Tool Just Surpassed $100M in ARRPaid Paternity Leave Should be the Norm in the U.S.Breakdown of Most In-Demand Skills for 2020—Finance, Marketing, Sales and EngineeringHow Investing in Yourself Today Will Set You Up for Career Success TomorrowFeedback Isn’t the Problem, but the Way That We Deliver It Is Broken
Job region(s): North America
Job stats:  9  1  0
  • Share this job via
  • or

Explore more Information Security career opportunities