About the role…
Policygenius continues to disrupt the insurance industry by delivering innovative technology-driven experiences. Our talented yet humble team is dogma-free and data oriented. We are relentless in our mission to reliably deliver outstanding products and services at scale. We are growing fast, but we can go further faster with experienced, collaborative, challenge-seeking people like yourself.
As the Senior Application Security Engineer, you’d be our first AppSec Engineer, joining the growing InfoSec team and helping to build a robust security culture for our Engineering team. You’d work very closely with our Site Reliability and Application Engineers to ensure Policygenius is doing all we can to protect the company’s and our customers’ data.
You will have the mindset of a technology partner and enabler who is seen as a trusted adviser and partner. You will be able to educate, provide guidance, and help drive an appreciation for application security. Like to find the security holes in things? This role’s for you.
We are open to this role operating out of either the New York or Durham offices once we've returned to office.
In this role, you will…
- Formalize and manage a bug bounty intake and remediation process
- Lead the remediation of application vulnerability scanning and penetration testing
- Manage integration with Static and Dynamic Code Analysis tools
- Identify security exposures and develop mitigation plans
- Collaborate with cross-functional teams (Engineering, DevOps, Product) while carrying out day-to-day tasks
- Integrate security into the CI/CD pipeline
- Provide guidance on secure software development at all stages of the SDLC, including architecture and design reviews
- Assist the other members of the security team during testing and purple team exercises
- Perform red team exercises utilizing automated and manual techniques
We’d love to hear from you if you…
- Have 3+ years of AppSec experience: pen testing web applications, utilizing instrumentation, fuzzing, and other exploitation techniques
- Have strong communication skills and the ability to comfortably and effectively articulate security and risk-related concepts to technical and non-technical audiences
- Have the ability to thrive in a startup environment and experience working in an agile development lifecycle
- Know the OWASP Top 10 inside and out
- Participate in the bug bounty hunting community
- Understand the concept of least privilege and the confidentiality, integrity, and availability triad and will work to enforce those concepts in our environment
- Have experience with languages such as Ruby, Go, Python
- Have experience with secure coding practices and automating security checks in pipelines
- Are comfortable working in and across cloud environments like AWS and GCP
- Have an understanding of application security in the context of a secure SDLC and CI/CD
You can expect...
- Company-paid health, dental, vision, life & disability insurance
- 401(k) plan, FSA & commuter benefits
- Generous PTO
- Training, mentorship and coaching from leadership
- The opportunity to grow alongside a company shaking up a big, old-fashioned industry
- Fun, diverse, open-minded coworkers
- Dog companionship!!!
Policygenius is America’s leading online insurance marketplace. Since 2014, our mission has been to help people get the financial protection they need (and feel good about it). We make it easy for our customers to understand their options, compare quotes, and buy insurance, all in one place. To date, we’ve helped more than 30 million people shop for all types of insurance and placed over $45 billion in coverage.
At Policygenius, we’re proud of building an environment that encourages our teammates to bring their authentic selves to work. Despite rapid growth (we’ve doubled in size year over year!), we’ve continuously maintained our inclusive culture through humility, hard work, and humor, and we’re looking for more people with grit, collaborative attitudes, and creative problem-solving skills to join our team. Come see why we’ve been voted one of Inc. Magazine’s “Best Workplaces” two years in a row!
Diversity at Policygenius
Policygenius believes differences should be celebrated and is committed to building a team as diverse as the customers we serve. We welcome different perspectives and opinions to foster innovation, authenticity, and excellence across all parts of our company, and are committed to providing employees with a work environment free of discrimination and harassment.
As an Equal Opportunity Employer, Policygenius highly encourages applicants from all walks of life. All employment decisions at Policygenius are based on business needs, job requirements and individual qualifications without regard to actual or perceived race, color, sex, pregnancy, sexual orientation, gender identity or expression, age, national origin, political affiliation or belief, religion, disability, uniformed service, marital status or any other status protected by law.
Come join the team!