Senior Product Security Engineer

| Remote
Sorry, this job was removed at 1:48 p.m. (EST) on Thursday, March 31, 2022

Who we are:

ChartHop delivers a fresh take on People Analytics, bringing disparate sources of people data together in a dynamic platform that’s visual and actionable. Unlike legacy People Analytics solutions, ChartHop is designed to be used by the whole organization. This helps companies improve organizational health, drive alignment and accountability, and save time and money. 

ChartHop plays well with dozens of platforms through robust integrations across the HR tech stack, and serves companies like BetterCloud, Lightspeed, Starburst and InVision. ChartHop was founded in 2019 by Ian White and is backed by Andreessen Horowitz. 

We’re looking for skilled and motivated people to join our team! Do you want to help companies unleash the power of their people data to plan effectively and with intention? Do you have what it takes to envision the future of work, and then to take us there? Join us!


Senior Product Security Engineer

As the first Product Security Engineer, you will help design and build out the Application and Product Security function at ChartHop. You will provide technical leadership, guidance, and mentoring on threat modeling and analysis, secure development practices, and improving the security within our product. In addition, you will be interfacing with our Engineering teams to bake security into their workflows and pipelines. You’ll be working on a modern stack (Kotlin, React, MongoDB, AWS). This is an excellent opportunity for someone looking to own the AppSec and Product Security function of a rapidly growing SaaS startup.

Please note - this is a very hands-on role and shipping code will be a large part of this role's success.

As a Product Security Engineer, you will:

  • Provide hands-on remediation to development teams (i.e. writing / shipping code)
  • Incorporate secure code tools, technologies, and processes in our build pipelines and work with the Head of Security on the establishment of secure development practices. 
  • Work with the Head of Security to build out a successful Security Champions program. 
  • Perform architectural reviews and threat analysis of product designs, identify security risks, and provide recommendations to make our products secure and resilient
  • Deliver Threat Models in collaboration with engineering teams, enumerating potential attack scenarios.
  • Audit source code and perform code review for critical application changes
  • Establish software development practices that make security an essential part of the development process
  • Develop / Integrate security into the Software Development Life Cycle
  • Lead Penetration Testing remediation efforts
  • Mentor software engineering teams in security best practices.
  • Work with Engineering teams to prioritize security concerns, fix security risks, and provide mitigation recommendations.
  • Communicate security risks and recommendations effectively with technical and non-technical audiences through verbal and written communications that lead to actionable and measurable improvements
  • Provide perspective on trends, recommendations, and best practices
  • Own or co-own team-level projects; execute with minimal guidance
  • Influence across engineering and product teams (i.e. identifying and coordinating dependencies)

Requirements:

    • 3+ years of experience in a software engineering, application security, or product security role
    • Experience with multiple languages such as Java, Go, Python and Perl, and an understanding of how to detect and remedy related security issues such as the OWASP Top 10.
    • Deep understanding of securing web applications
    • Experience with threat modeling, penetration testing and performing code & architecture reviews for web applications
    • Experience with security tooling like IAST, DAST & SAST
    • Experience responding to security incidents
    • Experience with manual source code reviews and embedding security as code in production environments.
    • Experience with deploying application security tools in the CI/CD pipeline
    • Experience with securing a software development lifecycle, including manual and automated application security testing
    • Ability to automate using Python, Java or other languages


Unsure if you meet the qualifications? We encourage AppSec Engineers, Product Security Engineers, Pen Testers, and Software Engineering professionals who are passionate about this work to apply!


ROLE KPIs

TBD with manager


Our Core Values:

We're building ChartHop to be the best People Software on the planet and that starts with hiring the best people globally. We’re building an inclusive culture, and we’re looking for people who embrace our core values:

  • Fast: Move with intentional speed.
  • Inclusive: Welcome our differences.
  • Transparent: Trust, collaborate, share.
  • Optimistic: Dream big, think practically.


Perks and Benefits:

  • Health/benefits coverage (Medical, Dental, Vision, Life insurance, Long term and Short term disability, many more) 
  • MacBook Pro
  • Work from home supplies stipend
  • Professional development stipend
  • 20 Vacation days 
  • 13 Public Holidays
  • Flex Fridays
  • 401K
  • Parental leave
  • Pet insurance
  • Mental Health benefits 
  • Many more 

Salary range - $180K-$210K base plus bonus and equity


Please note, our salary ranges are based on current market data. Should you feel strongly that we are not in line, we highly recommend that you reach out and let us know. We are always looking to improve on building the best place for employees!

ChartHop is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by applicable law.


Location

New York, NY
