Full-stack Application Security Engineer

Ann Arbor, Michigan, United States

Applications have closed

Censys

Exposure Management, External Attack Surface Management, and Threat Hunting solutions powered by the most comprehensive dataset of internet intelligence.

Censys is building the most credible, robust map of the Internet through IP scanning, DNS lookups, web crawling, ingestion of millions of certificates, and new algorithms. We are a true security startup with midwestern roots and we believe that by increasing human intuition and understanding of networks, operations, and security practices, organizations can protect themselves from vulnerability and risk. We are looking for high-energy, action-oriented people who are not afraid of challenges and interested in helping build a product and culture that we’re proud of for years to come. 

Censys is seeking an AppSec Engineer to help develop and secure our applications and internal services which power the application that presents our wealth of data to the customers. Our customers not only rely on our platform to be highly available and performant, but also secure.

The Platform Team is looking for an AppSec engineer to help build, test, and deploy our platform in a reliable and secure manner, as well as provide input and guidance to the rest of the engineering organization on security best practices to help ensure our customers' data remains safe and secure.

All positions at Censys have the option to be 100% remote! 

This job is a good fit if you:

  • Thrive in a fast-paced startup environment where changes happen quickly
  • Contribute to our culture of learning. Take ownership of issues, admit mistakes, and work to improve over time.
  • Make informed decisions by combining empirical evidence with domain expertise and good judgement
  • Operate and contribute effectively as part of a team where we work together to solve problems
  • Enjoy software development as much as you enjoy securing others' code.

 

This job is not a good fit if you:

  • Think engineering’s job is done after the code is delivered.
  • Are more motivated by technology than by understanding customer problems
  • Don’t enjoy helping and mentoring your colleagues around you

 

What you will bring:

  • A BS, preferably in Computer Science or a related field, or an equivalent combination of experience and skills
  • 6+ years of experience in building web-based services or applications professionally
  • You are comfortable developing with Python and Go, and interacting with code bases which use a service-based RPC architecture, such as gRPC.
  • You are comfortable with static analysis tools and other tooling used to test code for security issues.
  • You can help improve the platform starting with secure coding practices in your own code and through the review of other team members' code.
  • You can work with front-end frameworks such as React and can help manage front-end applications based on TypeScript or provide guidance where necessary.
  • You can write SQL and know how to properly protect against common SQL vulnerabilities such as injection attacks. You should also know how to properly secure communication to other types of databases, such as NoSQL.
  • Familiarity with CI/CD processes.
  • Familiarity with NoSQL databases like Elasticsearch, Redis, and other similar technologies.
  • Ability to address security at both the macro and micro level. You will need to be able to participate in architectural discussions to ensure that security practices are kept and followed.
  • You are a strong communicator. Explaining complex technical concepts to other engineers, designers, sales people, and content marketers is no problem for you.

 

What you will do:

  • Lead development of security features and best practices directly in our code base. 
  • Help to directly develop new systems and features.
  • Create, implement, and maintain secure customer flows such as authentication, tenanted database access, and other critical workflows.
  • Partner with product, design, and data engineering to ensure we are incorporating security best practices into new product features.
  • Work on initiatives to improve our security posture based on audit results or internal code reviews. 
  • Help the organization achieve SOC 2 Type 2 compliance by implementing or otherwise helping design the proper mechanisms necessary for auditing and access controls.
  • Work with SRE to implement security checks in our CI/CD platform, such as static code analysis and linting.
  • Work with SRE to implement runtime security checks in our Kubernetes infrastructure.



We value diversity and are committed to creating an inclusive environment for all employees. Censys is an equal opportunity employer.


Tags: Application security Audits CI/CD Code analysis Compliance Computer Science DNS Elasticsearch Full stack Kubernetes NoSQL Python Redis SOC 2 SQL TypeScript Vulnerabilities

Perks/benefits: Flex vacation Startup environment

Region: North America
Country: United States