Senior Application Security Engineer
Our security team embodies a collaborative, efficient, and flexible working environment. While responsibilities are clearly defined, we share a common purpose and goal: employing all measures to protect against threats to our business, because our technology governs the treatment of millions of cancer patients. For us, application security is way more than just code reviews and penetration testing. It's about the complete development workflows, defining a security culture, and advocating for security features (like 2FA) in systems. We are always looking for new ideas and trying to make sure the best ideas rise to the top of the heap. We focus on results; we are often architects, designers and engineers, not just advisors.
- See our architectures, read our code, break the apps, and find the problems before the bad guys do (through penetration testing, ethical hacking, code review, design review, etc.).
- Build frameworks, APIs, processes, and whatever else is necessary to keep our web applications secure.
- Stay on the leading edge of security research and make sure the company responds to new things quickly.
- Build application security champions. Teach engineers how to write secure code.
- Own the responsibility of securing our products!
- Have a strong foundation in and in-depth technical knowledge of application security, particularly web application security.
- Sympathize with the complexity of being a developer and want to help make writing secure code easier.
- Can read code like a book, and write enough code to get by (our tech stack is a diverse set of technologies running across both Windows and Unix platforms in the cloud).
- Able to deal with the ambiguity associated with working in a fast paced and changing environment; self motivated and results oriented.
- Have at least 3 years relevant work experience.
- Have excellent interpersonal communication skills.