Staff Application Security Engineer

Lead the development of SPAN’s application security program to protect user data and applications.
San Francisco, California, United States
Expert
$160,000 - 215,000 USD / year
3 months ago
Span

A smarter electrical panel that unlocks whole-home, room, and appliance energy data designed to lower your energy bill.

✨ About The Role

- The role involves leading and executing application security assessments, including SAST, DAST, code reviews, and penetration testing.
- Collaboration with development teams to integrate security best practices into the software development lifecycle (SDLC) is a key responsibility.
- The position requires performing threat modeling on existing and upcoming feature sets to ensure appropriate security controls are implemented.
- Developing and enforcing a robust Identity and Access Management posture is part of the job.
- The engineer will design, implement, and maintain application security controls and solutions, leveraging hands-on coding experience.
- Automating application security controls using scripting to enhance efficiency is expected.
- The role includes owning the vulnerability assessment and patch triage process to support ongoing vulnerability management.
- Ensuring compliance with regulatory requirements and industry standards for application security is crucial.
- The engineer will stay current with the latest application security threats, vulnerabilities, and best practices to continuously improve processes and technologies.

⚡ Requirements

- A bachelor's degree in Computer Science, Information Assurance, Cyber Security, or a related field is required.
- Candidates should have over 7 years of experience in a security engineering or operations role, specifically focusing on application security.
- Extensive hands-on experience with security tools such as Burp Suite, SonarQube, OWASP ZAP, and Checkmarx is essential.
- A strong understanding of applied cryptography, TLS/SSL, and web authentication protocols like OAuth/SAML is necessary.
- Proficiency in scripting languages such as Python, Perl, PHP, or Ruby for task automation and data manipulation is expected.
- Experience in developing threat models and familiarity with AWS security best practices is important.
- Relevant industry certifications such as CISSP or CSSLP are considered a plus.

Engineering