Full-stack Application Security Engineer
Ann Arbor, Michigan, United States
Censys
Exposure Management, External Attack Surface Management, and Threat Hunting solutions powered by the most comprehensive dataset of internet intelligence.
Censys is building the most credible, robust map of the Internet through IP scanning, DNS lookups, web crawling, ingestion of millions of certificates, and new algorithms. We are a true security startup with midwestern roots and we believe that by increasing human intuition and understanding of networks, operations, and security practices, organizations can protect themselves from vulnerability and risk. We are looking for high-energy, action-oriented people who are not afraid of challenges and interested in helping build a product and culture that we’re proud of for years to come.
Censys is seeking an AppSec Engineer to help develop and secure our applications and internal services which power the application that presents our wealth of data to the customers. Our customers not only rely on our platform to be highly available and performant, but also secure.
The Platform Team is looking for an AppSec engineer to help build, test, and deploy our platform in a reliable and secure manner, as well as provide input and guidance to the rest of the engineering organization on security best practices to help ensure our customers’ data remains safe and secure.
All positions at Censys have the option to be 100% remote!
This job is a good fit if you:
- Thrive in a fast-paced startup environment where changes happen quickly
- Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
- Make informed decisions by combining empirical evidence with domain expertise and good judgement
- Operate and contribute effectively as part of a team where we work together to solve problems
- Enjoy software development as much as you enjoy securing others’ code.
This job is not a good fit if you:
- Think engineering’s job is done after the code is delivered.
- Are more motivated by technology than by understanding customer problems
- Don’t enjoy helping and mentoring your colleagues around you
What you will bring:
- A BS, preferably in Computer Science or a related field, or an equivalent combination of experience and skills
- 6+ years of experience building web-based services or applications professionally
- You are comfortable developing with Python and Go, and interacting with code bases which use a service-based RPC architecture, such as gRPC.
- You are comfortable with static analysis tools and other tooling used to test code for security issues.
- You can help improve the platform starting with secure coding practices in your own code and through the review of other team members’ code.
- You can work with front-end frameworks such as React and can help manage front-end applications based on TypeScript or provide guidance where necessary.
- You can write SQL and know how to properly protect against common SQL vulnerabilities such as injection attacks. You should also know how to properly secure communication to other types of databases, such as NoSQL.
- Familiarity with CI/CD processes.
- Familiarity with NoSQL databases like Elasticsearch, Redis, and other similar technologies.
- Ability to address security at both the macro and micro level. You will need to be able to participate in architectural discussions to ensure that security practices are kept and followed.
- You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.
What you will do:
- Lead development of security features and best practices directly in our code base.
- Help to directly develop new systems and features.
- Create, implement, and maintain secure customer flows such as authentication, tenanted database access, and other critical workflows.
- Partner with product, design, and data engineering to ensure we are incorporating security best practices into new product features.
- Work on initiatives to improve our security posture based on audit results or internal code reviews.
- Help the organization achieve SOC 2 Type 2 compliance by implementing or otherwise helping design the proper mechanisms necessary for auditing and access controls.
- Work with SRE to implement security checks in our CI/CD platform, such as static code analysis and linting.
- Work with SRE to implement runtime security checks in our Kubernetes infrastructure.
We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.
Tags: Application security Audits CI/CD Code analysis Compliance Computer Science DNS Elasticsearch Full stack Kubernetes NoSQL Python Redis SOC 2 SQL TypeScript Vulnerabilities
Perks/benefits: Flex vacation Startup environment