Senior Application Security Engineer (AppSec) - Elementum - Mountain View, CA

Who is Elementum™?

Elementum helps companies get their products to market faster and more efficiently. Whether it’s a cup of coffee, the latest smartwatch, or life-saving medicine—we're accelerating the $25T product economy. How? With a suite of real-time supply chain apps that are giving traditional enterprise software companies an identity crisis. And here's the most exciting part: we're building out the world’s Product Graph™, a digital mapping of the global product economy—bigger than Facebook’s Social and LinkedIn’s Jobs Graphs COMBINED.

Reporting to the Head of Security, the principal duties and responsibilities of the Senior Application Security Engineer include but are not limited to:

  • Performing technical security assessments on our web applications, mobile clients, and architecture designs
  • Efficiently scoping blackbox, whitebox, and graybox assessments to optimize security review time and resources
  • Communicating risks effectively to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns for security topics
  • Maintaining and creating secure development practices and programs for our engineering teams and external developers
  • Acting as an ambassador for the secure development lifecycle within Elementum
  • Serving as a public ambassador for security at Elementum by engaging in internal and external speaking engagements
  • Keeping your skillset and technical knowledge current and relevant to the technologies used at Elementum
  • Seeking out opportunities to automate processes when appropriate
  • Identifying risk in code, applications, processes, and architecture
  • Tracking and responding to issues detected during internal reviews or reported via our Bug Bounty program
  • Reviewing and validating issues reported via our Bug Bounty Program, Elementum customers, and other researchers
  • Prioritizing issues, assigning an appropriate CVSS score, and following up with different teams to address those issues
  • Assisting and mentoring junior team members in conducting security reviews

Requirements

  • Several years of experience in security testing of web applications and native mobile apps
  • Deep understanding of web application architecture and design principles
  • Strong written and verbal communication skills, and the ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
  • Background in software engineering and common development practices in a collaborative and dynamic environment
  • Experience with manual secure code review in languages such as: JavaScript, Java, Python
  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode, SonarSource or similar
  • Knowledge of authentication mechanisms like SAML, OAuth, etc.
  • Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
  • Ability to learn new technologies quickly and provide appropriate security advice
  • Knowledge of how to test code and applications across various platforms (iOS, Mac, Windows, Android, etc.) for security and quality
  • Ability to see patterns and commonalities and to investigate complex issues
  • Current or former security training or certifications such as SANS GWAPT or similar are a plus
  • Public speaking engagements or published research is also a plus
  • Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues
  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
  • Experience with Amazon AWS services and familiarity with Supply Chain Management products is a plus
  • Understanding of FedRAMP, SSAE16 SOC 2, and PCI DSS is a big plus

Competitive Benefits:

  • Medical, Dental, and Vision are 100% covered by Elementum for employees
  • 401k matching
  • Free, daily catered lunches
  • Commuter benefits: CalTrain GoPass & WageWorks
  • Company outings
  • Casual dress code
  • Open vacation policy
  • Pets at work!
  • Engage with (and give high-fives to) senior management regularly
  • Get in on the ground floor of a huge opportunity

Apply directly at: https://boards.greenhouse.io/elementum/jobs/812016?gh_jid=812016#.WbCm_p...