Senior Application Security Engineer

About Pagoda

Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.

About The Role

Pagoda’s growing security team is looking for an experienced Senior Application Security Engineer to focus on the advancement of modern application security practices and partner closely with our engineering and product teams to provide security recommendations and identify security issues throughout the software development lifecycle. This includes secure design reviews, threat modeling, secure code review, and penetration testing.

This team member will be responsible for the security and integrity of our applications, possessing a deep understanding of software vulnerabilities and the ability to develop effective security solutions. This role requires a strong technical background, excellent problem-solving skills, and the ability to collaborate with cross-functional teams to implement robust security measures.

What You'll Be Doing

• Support the Pagoda Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
• Collaborate and advise engineering teams on application security best practices and vulnerability remediation
• Perform deep-dive security reviews to ensure all Pagoda products and services following secure design principles across our product portfolio (web, mobile, and APIs)
• Create and deliver hands-on software security training to engineering teams to increase security awareness
• Participate in on-call rotation to support engineering teams during incidents
• Role activities:
  
  • Manual source code review
  • Adhoc Pen Testing
  • WebApp/dApp PenTesting
  • Secure program design and implementation review
  • Threat modeling
  • Continuous secure assurance activities
  • Risk identification and categorization / management
  • Engineering education and engagement
  • Ownership of internal SAST/DAST toolset[s]

What We're Looking For

• 8+ years of experience in application security 
• Has set up or helped guide the creation of an Application Security program from scratch.
• Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
• Familiarity with modern SAST/DAST tooling.  Snyk and Stackhawk are important.
• Ability to review and dissect a Bug Bounty submission.  Craft a fix and work with appropriate teams to implement
• Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
• Familiarity with and ability to understand business objectives, business context, and security risk
• Proven ability to communicate effectively with developers

We'd Love If You Have

• A passion for security and Web3
• Know Linux backwards and forwards
• Experience in building lasting connections with development teams
• Experience in a startup environment
• Professional certifications e.g. CISSP  
• Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)

Here’s What Our Interview Process Looks Like

Our interviews take place via Zoom and typically consists of the following stages:

• Recruiter Call
• Hiring Manager Call
• 1st Round
  • Bug Bounty Interview
  • Technical Assessment with Engineering 
• Final Round
  
  • Meet with CTO
  • Pagoda Values Interview

Compensation

The base salary range for this role is $176,000 - $200,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.

The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, there are other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process. 

Benefits & Perks

• Encouraged 20 days of flexible PTO per year, plus your local holidays
• Wellness weeks – 2 weeks of paid company-wide closures 
• 100% Paid medical, dental and vision, AD&D and life insurance for US employees, including 85% coverage for dependents, and HSA + FSA options; For non-US employees, 100% Paid private medical coverage available at the highest tiered plan
• Access to licensed therapists and mental health resources through Spill, 100% confidential and paid by Pagoda; plus $75 monthly reimbursement for wellness
• Generous parental leave options; All employees have access to $10,000 in fertility assistance through Carrot
• For US employees, 401(k) retirement plan available (no match)
• Annual company retreats and team offsites (2023 was in Spain; 2022 in Portugal)
• $2,000 Continued Education Reimbursement
• $2,000 Home Office Reimbursement  
• Co-working Space Reimbursement

Our Values at Pagoda

Our values express our company culture. Learn more on our careers page.

Pagoda is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.