Senior Application Security Engineer

New York City

Applications have closed

Yext

Yext is the leading digital presence platform for multi-location brands, powering the knowledge behind every customer engagement.


Yext (NYSE: YEXT) is building the next big thing in AI search, and the next big thing is answers.

With the explosion of information and data online, search has never been more important. However, while the world of consumer search has innovated over time, enterprise search has not. In fact, the majority of enterprise search is powered by outdated keyword technology that only scans for keywords and delivers a list of hyperlinks rather than actually answering questions. Yext, the AI Search Company, offers a modern, AI-powered Answers Platform that understands natural language so that when people ask questions about a business online they get direct answers – not links.

We have a big, audacious mission to transform the enterprise with AI search. To achieve that, we need bright minds and diverse perspectives to join our growing company and help us continue to disrupt an industry. Does this sound like you?

Yext is actively seeking a Senior Application Security Engineer reporting into the Security Office. This role will serve as a technical subject matter expert for the Application Security team in key areas of the product and software platform, such as threat modeling, secure code review, penetration testing and other post-deployment security monitoring. This role will enable the product and engineering teams to make the right security and privacy decisions by performing reviews, assessments and other offensive exercises and recommending best practices. This role will also help the Application Security leader drive the culture and awareness within Yext around security practices and compliance initiatives.

In today's dynamic threat environment, software firms are increasingly acknowledged as a highly targeted industry for cyberattacks due to the confidentiality and sensitivity of customer data, as well as the immediacy with which that data is needed to perform their operational duties. Given Yext’s vital role within the software ecosystem, protection of data is paramount in ensuring high-trust relationships with customers, partners and vendors.

What You'll Do 

  • Design and implement security practices and standards across product and application environments 
  • Threat model systems and applications and perform security reviews
  • Perform detailed penetration tests of web and mobile infrastructure
  • Identify security risks and develop mitigation strategies
  • Develop tooling and automation to facilitate continual testing and increase coverage of penetration tests and other security assessments 
  • Develop system design and software best practices for engineering teams 
  • Provide guidance for secure coding practices and proactive controls based on OWASP Top 10 and CIS Controls 
  • Contribute to creation of security training and delivery to internal teams 
  • Assist in the analysis and response to bug bounty programs 

What You Have 

  • Bachelor’s Degree in Information Technology or related field of study.  
  • 5 - 7 years of relevant work experience in Development or Security Engineering teams. 
  • Experience in software development, ability to guide and mentor a technical engineering team in coding and scripting best practices. 
  • Good understanding of modern application security frameworks and offensive security toolkits.  
  • Self-motivated, energetic team player with excellent interpersonal and organizational skills
  • Strong leadership and negotiation skills with technical groups. 
  • Experience presenting to development and architecture teams on security recommendations 
  • Strong problem-solving, critical thinking and analytical skills. 
  • High degree of flexibility, independence, initiative, and detail orientation. 
  • Ability to present complex ideas in easy-to-understand language 


Yext is committed to building an inclusive and diverse culture where every person is seen, heard and valued. We believe in equal employment opportunity and welcome employees and applicants of all races, colors, ethnicities, religions, creeds, national origins, ancestries, genetics, sexes, pregnancy or childbirth, sexual orientations, genders (including gender identity or nonbinary or nonconformity and/or status as a trans individual), ages, physical or mental disabilities, citizenships, marital, parental and/or familial status, past, current or prospective service in the uniformed services, or any characteristic protected under applicable law. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. If you require a reasonable accommodation in completing this application, interviewing, or participating in the employee selection process, please complete this form.

Tags: Application security Automation Compliance Monitoring Offensive security OWASP Pentesting Privacy Scripting Security assessment

Region: North America
Country: United States