Senior Application Security Engineer
Remote - North America
Full Time Senior-level / Expert USD 176K - 200K
Pagoda
Build, launch, and operate new blockchain-based products and services. By developers, for developers.About Pagoda
Pagoda is shepherding a future where NEAR becomes the blockchain operating system. We believe that re-inventing how software is made and distributed is our greatest opportunity to open economic access to those who are not fully integrated into the global economy. Our products empower people to find opportunity, invent new experiences, and collaborate. Let's build an Open Web world. A world where people control their assets, data, and power of governance.
About The Role
Pagoda’s growing security team is looking for an experienced Senior Application Security Engineer to focus on the advancement of modern application security practices and partner closely with our engineering and product teams to provide security recommendations and identify security issues throughout the software development lifecycle. This includes secure design reviews, threat modeling, secure code review, and penetration testing.
This team member will be responsible for the security and integrity of our applications, possessing a deep understanding of software vulnerabilities and the ability to develop effective security solutions. This role requires a strong technical background, excellent problem-solving skills, and the ability to collaborate with cross-functional teams to implement robust security measures.
What You'll Be Doing
- Support the Pagoda Software Development Lifecycle as an application security subject matter expert through design review, threat modeling, code review, and penetration testing
- Collaborate and advise engineering teams on application security best practices and vulnerability remediation
- Perform deep-dive security reviews to ensure all Pagoda products and services following secure design principles across our product portfolio (web, mobile, and APIs)
- Create and deliver hands-on software security training to engineering teams to increase security awareness
- Participate in on-call rotation to support engineering teams during incidents
- Role activities:
- Manual source code review
- Adhoc Pen Testing
- WebApp/dApp PenTesting
- Secure program design and implementation review
- Threat modeling
- Continuous secure assurance activities
- Risk identification and categorization / management
- Engineering education and engagement
- Ownership of internal SAST/DAST toolset[s]
What We're Looking For
- 8+ years of experience in application security
- Has set up or helped guide the creation of an Application Security program from scratch.
- Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset
- Familiarity with modern SAST/DAST tooling. Snyk and Stackhawk are important.
- Ability to review and dissect a Bug Bounty submission. Craft a fix and work with appropriate teams to implement
- Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.)
- Familiarity with and ability to understand business objectives, business context, and security risk
- Proven ability to communicate effectively with developers
We'd Love If You Have
- A passion for security and Web3
- Know Linux backwards and forwards
- Experience in building lasting connections with development teams
- Experience in a startup environment
- Professional certifications e.g. CISSP
- Familiarity with using one or more programming/scripting languages (e.g., Python, Java, etc.)
Here’s What Our Interview Process Looks Like
Our interviews take place via Zoom and typically consists of the following stages:
- Recruiter Call
- Hiring Manager Call
- 1st Round
- Bug Bounty Interview
- Technical Assessment with Engineering
- Final Round
- Meet with CTO
- Pagoda Values Interview
Compensation
The base salary range for this role is $176,000 - $200,000. This reflects the minimum and maximum range across all US locations. This does not include bonus, incentives, or benefits.
The actual base pay is dependent upon many factors, such as: leveling, relevant skills, and work location. If you are based outside of the US, there are other geographic considerations that may impact your final compensation. Your recruiter can share more about the compensation and benefits applicable to your preferred location during the hiring process.
Benefits & Perks
- Encouraged 20 days of flexible PTO per year, plus your local holidays
- Wellness weeks – 2 weeks of paid company-wide closures
- 100% Paid medical, dental and vision, AD&D and life insurance for US employees, including 85% coverage for dependents, and HSA + FSA options; For non-US employees, 100% Paid private medical coverage available at the highest tiered plan
- Access to licensed therapists and mental health resources through Spill, 100% confidential and paid by Pagoda; plus $75 monthly reimbursement for wellness
- Generous parental leave options; All employees have access to $10,000 in fertility assistance through Carrot
- For US employees, 401(k) retirement plan available (no match)
- Annual company retreats and team offsites (2023 was in Spain; 2022 in Portugal)
- $2,000 Continued Education Reimbursement
- $2,000 Home Office Reimbursement
- Co-working Space Reimbursement
Our Values at Pagoda
Our values express our company culture. Learn more on our careers page.
Pagoda is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.
Tags: APIs Application security Blockchain CISSP DAST Governance Java Linux Pentesting Python SAST Scripting SDLC SSRF Vulnerabilities
Perks/benefits: 401(k) matching Career development Equity Fertility benefits Flex hours Flex vacation Health care Home office stipend Insurance Medical leave Parental leave Salary bonus Startup environment Team events Wellness
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Cybersecurity Consultant jobs
- Open Consultant SOC / CERT H/F jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open Security assessment-related jobs
- Open Malware-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Security Clearance-related jobs
- Open Forensics-related jobs
- Open EDR-related jobs
- Open CEH-related jobs
- Open Kubernetes-related jobs