Application Security Engineer

Remote, US


Make your APIs easy to use and your developers successful.

View company page

We’re looking for our first dedicated application security engineer! ReadMe takes the safety and security of our customer’s data very seriously, and we need someone willing to jump into the hot seat and help ensure every bit and byte stays exactly where it should be.

This position will work directly alongside ReadMe’s engineering team, assisting to define best practices, catching potential issues before release, and creating a rock-solid approach to the storage and transfer of critical data. There’s a lot of ground to cover, and there will be ample opportunity to grow and explore other aspects of security along the way!

We're a small team of humans (and one owl) working together to do big things, and we’re growing fast! That’s where you come in. Since we’re a startup, you’ll make a big impact on ReadMe both in the daily responsibilities of your role and beyond.

🦉 What we do

ReadMe helps companies build beautiful, personalized, and interactive developer hubs. If you’ve ever visited the developer docs for Intercom, Airbnb, or Notion, you’ve used ReadMe! We love what we do because it’s so much more than just docs. We’re providing tools for teams to create and manage beautiful documentation with ease. Our Engineers are especially excited to see the impact their work can have, because they care deeply about developer experience.

You can read more about what it’s like to work at ReadMe on our careers page, or our Key Values page. We've written on our blog in the past about how we interview, and feel free to browse our other blog posts as well if it strikes your fancy!

✅ What you’ll do here

  • Perform security-focused code reviews and work as a partner with the development team to remediate concerns.

  • Lead by example by going hands-on in our codebase to help close security gaps.

  • Consult with the development team on secure approaches to product design and technical architecture.

  • Perform audits on existing software and data architecture to identify potential risks.

  • Support our bug bounty program in the verification of reports, classification of severities, and follow-ups for remediation.

  • Build automations to enable working in a secure way easy and frictionless.

  • Provide security reviews of new and existing vendors.

  • Drive initiatives to ensure adherence with security and data compliance programs.

  • Assist in defining company-wide security policies and practices.

💙 You’ll love this job if you are…

  • Passionate about the safety and security of customer data.

  • Intrigued by the challenge of applying zero trust security in a maturing organization.

  • A strong prioritizer, knowing that each baby step leads us to a more secure future.

  • Excited about applying security practices within an existing development workflow in a non-intrusive way.

  • A great teammate, helping to teach along the way.

🌱 How you’ll grow in one month

  • Gain a foundational understanding of the ReadMe application and supporting projects through a security lens.

  • Build a rapport with the development team as a proactive partner.

  • Become familiar with our existing security policies.

🪴 Within three months, you'll...

  • Actively review new code reviews related to customer data, authentication and authorization, and infrastructure.

  • Begin to build a security “short-list” of security hot items alongside engineering and product leadership that would increase our security posture.

  • Become a trusted go-to advisor during the ideation of new product initiatives and technical solutions.

🌳 Within six months, you'll...

  • Perform audits of our existing product architecture, highlighting key vulnerabilities and gaps that may remain.

  • Build automations to assist in developing a more secure product directly within our development workflow.

  • Directly assist remediation and communication in the event of a security incident in line with our incident response plan.

🛣️ What's the hiring process like?

  • We can’t wait to read your resume and (hopefully personality-filled) cover letter! Let us know what excites you about developer products, and help us get to know you better.

  • If we think we might be a good fit for you, we’ll set up a 30 minute phone chat with Kenny, our VP of Engineering. He’ll tell you more about the role, and get a chance to hear about your experiences.

  • Next will be a second 30 minute phone interview with Greg, our Founder & CEO, where we’ll dive a bit more into your background.

  • Then we’ll invite you to an "onsite" interview conducted over Zoom! These usually take 3.5 to 5 hours including an hour break in between. We are able to be flexible with the schedule and split it up over two days if that works best for you! We start with a 15-minute get-to-know-you with the team so you can meet the people you’ll be working with, and then have you talk with people one-on-one later on.

  • We’ll let you know how things went within a week! If it still seems like a good fit all around, we’ll extend you an offer. If not, we will update you to let you know so you aren’t left hanging.

✨ Our benefits include…

  • Unlimited PTO with a three-week minimum. 🏝️

  • Fully covered medical, dental, and vision insurance for you, and 100% for your dependents. 🩺

  • A One Medical membership. 🧑‍⚕️

  • A gym or fitness stipend of up to $150 per month. 🏋️

  • One-to-one donation matching of up to $1,000 per year. 💸

  • Twelve weeks of paid parental leave after the birth or adoption of a child. 🐣

  • Work from home. 🏠

  • Three offsite retreats per year to get together with coworkers and plan for the quarter ahead. ✈️

  • Take a look at our handbook for more information on our benefits! 📘

At ReadMe, we’re committed to cultivating a diverse and inclusive workplace. We welcome people of all backgrounds, experiences, abilities, and perspectives. We are an equal opportunity employer and a pleasant and supportive place to work. We'd love to have you come join us here! ReadMe is open to hiring folks fully remote in the US, hybrid, or in-person at our San Francisco HQ.

Apply now Apply later
  • Share this job via
  • or

* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰

Tags: Application security Audits Compliance Incident response Vulnerabilities Zero Trust

Perks/benefits: Career development Fitness / gym Flex hours Flex vacation Health care Home office stipend Medical leave Parental leave Startup environment Team events Unlimited paid time off

Regions: Remote/Anywhere North America
Country: United States
Job stats:  35  14  0

More jobs like this

Explore more InfoSec / Cybersecurity career opportunities

Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.