Full-stack Application Security Engineer
Ann Arbor, Michigan, United States
Censys
See Your Entire Attack Surface in Real-Time. Get a current view of all of your organization's assets so you can proactively prevent targeted attacks and investigate suspicious activity.
Censys is building the most credible, robust map of the Internet through IP scanning, DNS lookups, web crawling, ingestion of millions of certificates, and new algorithms. We are a true security startup with midwestern roots and we believe that by increasing human intuition and understanding of networks, operations, and security practices, organizations can protect themselves from vulnerability and risk. We are looking for high-energy, action-oriented people who are not afraid of challenges and interested in helping build a product and culture that we’re proud of for years to come.
Censys is seeking an AppSec Engineer to help develop and secure our applications and the internal services that power the application presenting our wealth of data to customers. Our customers rely on our platform to be not only highly available and performant, but also secure.
The Platform Team is looking for an AppSec engineer to help build, test, and deploy our platform in a reliable and secure manner, as well as provide input and guidance to the rest of the engineering organization on security best practices to help ensure our customers' data remains safe and secure.
All positions at Censys have the option to be 100% remote!
This job is a good fit if you:
- Thrive in a fast-paced startup environment where changes happen quickly
- Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
- Make informed decisions by combining empirical evidence with domain expertise and good judgement
- Operate and contribute effectively as part of a team where we work together to solve problems
- Enjoy software development as much as you enjoy securing others' code.
This job is not a good fit if you:
- Think engineering’s job is done after the code is delivered.
- Are more motivated by technology than by understanding customer problems
- Don’t enjoy helping and mentoring your colleagues around you
What you will bring:
- A BS, preferably in Computer Science or a related field, or an equivalent combination of experience and skills
- 6+ years experience in building web-based services or applications professionally
- You are comfortable developing with Python and Go, and interacting with code bases which use a service-based RPC architecture, such as gRPC.
- You are comfortable with static analysis tools and other tooling used to test code for security issues.
- You can help improve the platform starting with secure coding practices in your own code and through the review of other team members’ code.
- You can work with front-end frameworks such as React and can help manage front-end applications based on TypeScript or provide guidance where necessary.
- You can write SQL and know how to properly protect against common SQL vulnerabilities such as injection attacks. You should also know how to properly secure communication to other types of databases, such as NoSQL.
- Familiarity with CI/CD processes.
- Familiarity with NoSQL databases like Elasticsearch, Redis, and other similar technologies.
- Ability to address security at both the macro and micro level. You will need to be able to participate in architectural discussions to ensure that security practices are kept and followed.
- You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.
What you will do:
- Lead development of security features and best practices directly in our code base.
- Help to directly develop new systems and features.
- Create, implement, and maintain secure customer flows such as authentication, tenanted database access, and other critical workflows.
- Partner with product, design, and data engineering to ensure we are incorporating security best practices into new product features.
- Work on initiatives to improve our security posture based on audit results or internal code reviews.
- Help the organization achieve SOC 2 Type 2 compliance by implementing or otherwise helping design the proper mechanisms necessary for auditing and access controls.
- Work with SRE to implement security checks in our CI/CD platform, such as static code analysis and linting.
- Work with SRE to implement runtime security checks in our Kubernetes infrastructure.
We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.