This job is no longer active - but you can still view the details below.

Senior Application Security Engineer

Greater NYC Area

CLEAR makes life easier and more secure by using biometrics – your fingerprints, eyes and face – to confirm that you are you, and keep you moving. Imagine a world where you can do virtually everything you need to – breeze through the airport, buy a beer at the game, check-in at the doctor’s office, access your office building, and more – without ever pulling out your wallet or phone. Now in 45+ airports and other venues nationwide, you are your ID, credit card, ticket, reservation and more with CLEAR.

We’re defining and leading an entirely new industry, moving quickly with data-informed decisions, obsessing over our customers, and investing in great people to lead the way. Recently named on CNBC’s Disruptor 50 List and winner of the SXSW Interactive Innovation Award, we’re working tirelessly to create frictionless customer experiences for our 3+ million members across the country.

We’re looking for an outstanding and passionate Senior Application Security Engineer. In this role, your primary focus will be ensuring, enforcing, and maintaining our high standards of security, specifically with regard to member data.

This role is hands-on and technical while requiring a heads-up nature to identify gaps and drive the creative application of state-of-the-art security practices and controls. CLEAR is a fast and nimble company, so the ideal candidate will be able to leverage automation and data analysis to embed continuous security practices into our development and operational workflows. The application security program must be designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet ever-changing needs. Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business and technical leaders.

What you will do:

  • Work with Software Engineering and DevOps leaders to build CLEAR’s next generation build and deploy (CI/CD) system. Define technical requirements, deploy and manage tooling, build processes to handle application security issues before they are released.
  • Partner with the company’s Software Engineering, DevOps, and IT teams to ensure all new and existing software has been fully vetted and remains secure. Perform code review, security risk assessments, manual security testing, automated security testing, and threat modeling, and educate developers on security best practices.
  • Lead internal and external penetration tests of CLEAR’s most critical assets, as well as triage issues with internal stakeholders for remediation.
  • Establish security standards and specifications to balance the needs of a more secure product offering with the needs of the business. Ensure all internet facing, backend services, data stores, and supporting infrastructure are built and maintained with security in mind.

Who you are:

  • 5-8 years of experience in software development and implementing security into organization-wide SDLC processes.
  • Minimum of 8 years experience (in excess of degree requirements). Minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration.
  • Has excellent interpersonal communication skills and can take very technical issues and make them understandable to all audiences.
  • Personal passion for security and cutting-edge security concepts.

Required Skills:

  • Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
  • Experience writing and pentesting web applications and web services.
  • Proficient in reading many different programming languages.
  • Experience writing in one or more of the following programming languages: C/C++, Java, Ruby, Python, and JavaScript.
  • Able to evaluate, deploy, and manage application security tools (e.g. DAST, SAST, RASP, WAF) and build strong vendor relationships.
  • Experience with a public cloud provider (Amazon Web Services, Microsoft Azure, or Google Cloud Compute).
  • Demonstrable knowledge of TCP/IP, HTTP, RESTful APIs, application security, and experience supporting service-oriented, asynchronous, and distributed application architectures.
  • Previous experience on a Security team, coordinating responses to security incidents and/or writing and presenting application security assessment reports.
  • Knowledge of containers and scheduling frameworks (e.g. Kubernetes, Docker Swarm, DCOS, ECS).
  • Experience integrating security practices into continuous integration tools and pipelines.
  • Well-rounded background in host, network, and application security, including knowledge of internet security issues and the threat landscape.
  • Candidates must be able to explain all vulnerabilities and weaknesses in the OWASP Top 10, WASC TCv2, and CWE 25 to any audience, and discuss effective defensive techniques.
  • Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks to business leaders.
  • Familiarity with one or more industry standards and regulations such as PCI, NIST 800-53, FedRAMP and ISO27001.

Desirable Skills:

  • Strong programming and scripting experience in C#, C++, Java, Python, BASH, Go, or something similar.
  • Participates in CTFs or actively contributes to the security community through exploitation development.
  • Bachelor's degree or higher in Computer Science.

Technology we use

  • Engineering
    • .NET (Languages)
    • Java (Languages)
    • Javascript (Languages)
    • Node.js (Frameworks)
    • PostgreSQL (Databases)

Location

Our building is convenient to several trains + bus stops! If you want a change of scenery, our club level has a gym, cafe, games, and a great lounge!

An Insider's view of CLEAR

What kinds of technical challenges do you and your team face?

We constantly fight tech debt and have the buy-in from management and business to spend 25% of effort each sprint addressing tech debt. We call it the sustainability budget. This ensures the code is well designed, maintained and fun to work with. You'll do the best work of your career.

Dee

Senior Director, Engineering

How has your career grown since starting at the company?

Since joining CLEAR in 2014, I have had several opportunities to take on new and expanded responsibilities, often because I spotted opportunity and raised my hand to take it on as the company’s needs have evolved along with its growth.

Leah

Chief of Staff

What are CLEAR Perks + Benefits

  • Culture
    • Open office floor plan
  • Health Insurance & Wellness Benefits
    • Flexible Spending Account (FSA)
    • Dental Benefits
    • Vision Benefits
    • Health Insurance Benefits
    • Life Insurance
    • Onsite Gym
  • Retirement & Stock Options Benefits
    • 401(K)
    • Company Equity
    • Performance Bonus
  • Vacation & Time Off Benefits
    • Unlimited Vacation Policy
  • Perks & Discounts
    • Casual Dress
    • Commuter Benefits
    • Stocked Kitchen
    • Some Meals Provided

We provide free breakfast daily! One of our favorite office perks? Our fabulous chef comes in on Tuesdays (Omelette Bar!), Wednesdays (Mexican!), and Thursdays.