Application Security Engineer
Los Angeles, CA
Applications have closed
Angi® is the home for everything home. From repairs and renovations to products and financing, Angi is transforming every touch point in home services. With over 25 years of experience and a network of nearly 250,000 pros, we have helped more than 150 million people with their home needs. Our products and technology help our customers love where they live while helping small businesses grow and thrive. We believe the home is the most important place on earth and we are at the beginning of our ambitious journey to redefine how people care for their homes - join us!
About the Opportunity:
At Angi, security is tightly woven into product and infrastructure development. We challenge our teams to build systems that are secure-by-default and to protect our users’ most sensitive data. You will be joining a team of engineers who will champion security initiatives throughout the organization. You will be building tools to make secure-by-default easy. You will be conducting regular audits/tests to identify risks and prioritizing fixes for the identified risks. You will continue to raise the bar to make our systems secure.
What you will do:
- Implement various types of scanning (SAST, SCA, DAST, etc.) in our CI/CD pipelines and ensure results are appropriately surfaced to developers.
- Implement a vulnerability detection and management program for mobile applications.
- Triage, escalate, and remediate vulnerabilities found as part of our bug bounty program.
- Work with the product management teams to prioritize fixes for vulnerabilities and work with engineering teams to understand how to fix these issues.
- Get your hands dirty by fixing vulnerabilities, building in security telemetry/instrumentation, and adding security features to our products/applications.
- Actively participate in the design and implementation of applications, services, and infrastructure to ensure security and privacy design principles are being followed by performing security reviews and threat modeling.
- Design tooling and frameworks to make adoption of security best practices easier for developers when working in our code bases.
- Deploy, manage, and tune infrastructure used to protect our applications from common vulnerability exploitation, account takeover, and denial of service attacks.
- Manage scope, scheduling, and remediation of vulnerabilities found as part of pen testing programs.
- Assist in the creation and maintenance of security training.
- Actively participate in all facets of the incident response lifecycle.
Who you are:
- You have a BS or an MS in Computer Science, Computer Engineering, Cyber Security, or a related field
- You have 4+ years of experience working on a security team supporting product/engineering functions, cloud infrastructure, and corporate infrastructure development
- You have experience with application/source code scanning technologies such as Fortify, Checkmarx, ShiftLeft, Veracode, etc.
- You have in-depth knowledge of security threats, applied cryptography, and risk assessments
- You have experience working with product development teams to empower them on advancing security initiatives
- You have software engineering experience (Python preferred) and an engineering mindset for building reliable / maintainable security infrastructure to support a large organization with CI/CD software engineering practices
- Willingness to learn and apply new skills and technologies
- Experience with mobile application penetration testing and mobile scanning technologies preferred.
- Knowledge of AWS and Kubernetes or related cloud / container technologies preferred
Compensation & Benefits
- The salary band for this position ranges from $110,000 to $160,000 annually, commensurate with experience and performance.
- Full medical, dental, vision package to fit your needs
- Flexible vacation policy: work hard and take time when you need it
- Pet discount plans & retirement plan with company match (401K)
Tags: Application security Audits AWS Checkmarx CI/CD Cloud Computer Science Cryptography DAST Incident response Kubernetes Pentesting Privacy Python SAST Veracode Vulnerabilities
Perks/benefits: 401(k) matching Career development Flex hours Flex vacation Health care