Senior Application Security Engineer

About The Role & Team

At Amplitude, we’re building analytics that helps our customers use data to build better products and drive growth. We’re already the analytics platform of choice for many top product teams around the world including Microsoft, Square, Twitter, and Hubspot. Our team is defining the future of how companies interact with data to build better products.

The Trust and Security team is a blend of engineers and security-focused software engineers working in concert to develop and maintain security best-practices that are incorporated in every stage of the software development process. In addition, we develop best-practices guidelines to enable secure development, identify recurring classes of security problems, find the root cause, and develop generalized solutions. We continuously advocate and train engineers on trending security issues, assist with third-party assessments, and manage external traditional as well as crowd-sourced penetration testing engagements.

We’re looking for a senior application security engineer to up-level Amplitude’s secure software development controls, has  a deep understanding of web application security, is able to identify and prioritize potential risks in designs, code, deployed applications, isn’t afraid to take on the challenges of building and integrating security controls into Amplitude’s agile development processes and is able to adapt to engineering priorities without sacrificing security. As the team is small and fast moving, and you will be expected to iterate quickly and make software design decisions on product features.

Who You Are: 

Let’s chat if you are passionate about security, have experience working on a fast-paced engineering team, and meet most of the qualification requirements listed below.

• 7+ years of development experience at least half of which is in security engineering.  
• Successfully built tools and processes to reliably identify security issues and logic flaws across large code bases.
• Are an expert in browser security controls, are intimately familiar with the OWASP top ten, and are experienced implementing API application security best practices.
• Have in-depth experience in threat modeling and have development experience in at least two or more languages, including at least one of: JavaScript, Python, or Java. Fluency with one or more JavaScript application frameworks (React/Redux, Angular, Backbone, etc.) is a bonus.
• Enjoy performing application security reviews, are unafraid of threat modeling and consider yourself an expert when it comes to security code reviews and ethical testing. 
• Understand the unique security risks and capabilities with IaaS, PaaS, and SaaS, and are able to communicate security issues to engineers.
• Are experienced in architecting, automating, maintaining, and securing applications hosted on cloud computing platforms, AWS experience is a plus. 

Who We Are

The Company: Amplitude is filled with humble, life-long learners who are eager to help one another and the company succeed. Our values of growth mindset, ownership, and humility are core to the way we work: we’re tenacious in the face of challenges, we take the initiative to solve problems that drive our shared success, and we operate from a place of empathy and openness, seeking to understand many points of view. 

We care about the well-being of our team: along with excellent health insurance, we offer flexible time off, a monthly wellness stipend, a 12-week parental leave, and a generous Learning & Development stipend.  And when our offices are open, we offer delicious in-office lunch, dinner, & snacks, and commuting benefits.

The Product: Amplitude is a product intelligence platform– we help companies understand their users, rapidly release better product experiences, and grow their business. We’re super proud of what we’ve built and continue to build on: a platform that enables companies to thrive. 

Amplitude powers digital upstarts like Calm and Peloton and technology leaders like Microsoft and Paypal, but also 100+ year old companies like Ford, as they rethink their digital revenue strategy.

Other fun facts about Amplitude: 

• Amplitude is a tech startup to bet your career on in 2021, according to Business Insider.
• Amplitude had a record year of growth in 2020 and grew employee headcount by 24%.
• Amplitude is one of the best software products on the market according to G2.
• Founded in 2012, Amplitude is backed by Sequoia Capital, IVP, Battery Ventures, Benchmark Capital, Y Combinator and other top tier investors.
• More than 20% of the Fortune 100 are customers of Amplitude as are innovative brands such as Calm, Microsoft, Ford, NBC Universal, Hubspot, PayPal and Peloton.
• We have offices in San Francisco (HQ), New York, Amsterdam, London, Paris and Singapore.
• Our mascot is the datamonster, who loves to chow down on numbers, charts, and graphs. Nom nom.

Amplitude provides equal employment opportunities (EEO). All applicants are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.

Amplitude’s D&I Commitment: Amplitude believes that diversity enables creation of better products, ability to solve complex problems, and drive more powerful solutions. In order to make diversity possible, we commit to striving to create an environment of inclusion: an environment focused on psychological safety, empathy, and human connection, which will allow employees of all backgrounds to feel the care they need to thrive.

#LI-ME1