Application Security Engineer
Remote - United States
As an Application Security Engineer for FormAssembly you will:
• Proactively perform technical security assessments against FormAssembly’s web applications and services.
• Work with the Product and Engineering Teams to provide security-focused best practices during all phases of the software development lifecycle process (SDLC) and CI/CD pipeline.
• Assist in security architecture discussions with engineering for both product and infrastructure designs and develop risk mitigation plans when needed.
• Assist the vulnerability management program and perform regularly scheduled vulnerability scans to support compliance and triage new vulnerabilities.
• Implement cloud security controls in AWS and help automate security processes when appropriate.
• Perform security monitoring and threat analysis, and lead the incident response process.
• Create and maintain comprehensive documentation related to Application and Cloud Security processes and controls for the FormAssembly environment.
• Handle customer-related questions and concerns around application security, vulnerabilities and bugs.
• Assist in security auditing, networking, endpoint, application, and other security areas when needed.
• 2+ years of experience in Application/Product Security preferably in SaaS
• 2+ years of experience with Cloud Security in AWS preferred
• Strong understanding of web application architecture and design principles
• Experience managing a bug bounty program such as HackerOne/Bugcrowd or other crowdsourcing platforms.
• Experience with a vulnerability program such as Nessus or Qualys
• Hands-on experience with security technologies such as WAF, FIM, ConMon, SAST/DAST, etc.
• Working familiarity with the OWASP Top 10 and SANS 25 as well as how to identify and mitigate them
• A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, HTTPS).
• Familiarity with common web application testing tools, such as Burp Suite, ZAP, Qualys or other open-source security industry tools.
• Experience leading incident response plans and working with SIEM tools for threat analysis.
• Knowledge of container security such as Docker and Kubernetes is a plus.
• Experience working with operating systems and hardening (Linux and macOS) a plus
• Certifications such as CISSP, GSEC, CEH or CISM a plus
• Agile, humble, trustworthy, and a team player.
FormAssembly is a 100% remote SaaS company dedicated to helping customers streamline organizational processes and be better stewards of their data, and we are looking for key individuals to join our rapidly growing team.
Customers like Amazon, PayPal, Harvard, and thousands of other organizations worldwide rely on FormAssembly to capture the data they need quickly and securely. We have been recognized in the 2020 Inc. 5000 list of fastest-growing private companies, and we are a G2 Crowd Winter 2021 Leader.
We're intelligent, adaptive, and growing rapidly - thanks to our impressive roster of customers.
Here are some links to give you a peek into what it’s like to work at FormAssembly:
If you’re a genuinely nice person who is great to work with, respectful, and who will put the team and our customers first, we’d be thrilled to have you apply for this position. FormAssembly is an equal opportunity employer. If you belong to an under-represented group in tech, you’ll find a welcoming culture that thrives on diversity.
This is a full-time position, open to all locations (working remotely from home).
FormAssembly offers several benefits that help to facilitate a healthy team, personal growth, and a work-life balance, all of which contribute to creating a more engaged and passionate workforce.
- Health benefits (health, dental, vision) for team members based in the United States
- 401(k) with 4% company match for team members based in the United States
- 4 weeks paid vacation and 9 company holidays
- Flexible work schedule
- Paid parental leave
- Charitable contribution match
- Budget for professional development
- Company provided Mac laptop
You'll be joining a talented and fun team, working together to build something great!