Application Security Engineer
Who we are
At Justworks, you’ll enjoy a welcoming and casual environment, great benefits, wellness program offerings, company retreats, and the ability to interact with and learn from leaders in the startup community. We work hard and care about our most prized asset - our people.
We’re helping businesses get off the ground by enabling them to focus on running their business. We solve HR issues. We’re data-driven and never stop iterating. If you’d like to work in a supportive, entrepreneurial environment, are interested in building something meaningful and having fun while doing it, we’d love to hear from you.
We're united by shared goals and shared motivations at Justworks. These are best summed up in our company values, which are reflected in our product and in our team.
Our Values
If this sounds like you, you’ll fit right in.
The job
Justworks is seeking an experienced Application Security (AppSec) Engineer to join our Security team, focused on application security and continuously enhancing our security posture as the threat landscape evolves. As a successful candidate, you have demonstrated knowledge of secure coding practices and conducting code reviews. You have a deep understanding of the fundamentals of computing and development/coding with Ruby on Rails, JavaScript and/or other languages. The candidate should also have experience in *Nix environment and the use of common cybersecurity tools.
What you'll do
- Collaborate with cross functional teams to create security requirements and deliver security risk assessments.
- Conduct manual code reviews, penetration security testing, automated security testing.
- Deliver education on secure coding practices to product engineering teams.
- Coordinate internal and external penetration testing. Validate and triage issues with engineering teams for remediation.
- Implement safeguards and countermeasures
- Coordinate threat modeling exercises and follows steps to remediate identified issues/gaps
- Enhance our testing, monitoring and continuous deployment infrastructure
- Keep extremely sensitive data compartmentalized and secure
- Detect and respond to security events and incidents
Who you are
- Minimum of 4 years of professional hands-on application security experience
- Experience designing, developing and improving access control and other core security functionality
- Strong fundamental knowledge of secure coding practices
- Strong understanding of application security architecture and ability to articulate best practices for application security
- Experience conducting manual code reviews and penetration security testing
- Experience evaluating, deploying, and managing application security tools
- Current security certifications like GCIH GWEB, CEH, OSCP, CISSP and others are nice to have but not required
Diversity at Justworks
Justworks is committed to maintaining a workplace where diversity of identity, culture, and life experience is the norm and is celebrated authentically and respected consistently. Diversity in our work, our people and our product drives creativity and innovation, entrepreneurial leadership and integrity, competitiveness and collaboration throughout our business and in the market. We depend on our differences to make our team stronger, our workplace more dynamic, and our product accessible to all of our customers.
We’re proud to be an equal opportunity employer open to all qualified applicants regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or expression, veteran status, or any other legally protected status.