Title: Application Security Engineer
Location: Remote, US
Podium exists to help local businesses win. Using Podium, local businesses can simplify the way they communicate with their customers from collecting payments to facilitating online reviews to launching marketing campaigns, and much more.
Our work and focus on helping local businesses thrive has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000, and Fast Company’s World’s Most Innovative Companies.
We look for people who are curious, creative and are willing to do the work to be a little better every day. We also embody our company values in all that we do, which always starts with being Customer Obsessed, followed by Be a Founder, Zero Drama, and Enjoy the Ride. Does that sound like you?
We are looking for an Application Security Engineer to help protect and architect the solutions that will keep our SaaS products and internal systems secure. Our ideal candidate has a passion for security and is a self-driven individual with a founder mentality. Our ideal candidate is someone who loves to tear applications apart, identify vulnerabilities, and knows how to design a thoroughly hardened solution resilient to attackers. You will work closely with cross-functional teams to analyze application code, conduct security assessments, and provide guidance on best practices to ensure the protection of sensitive data and the prevention of security breaches. This position will join the security engineering team at Podium, working closely with our engineering organization to help secure one of the fastest-growing Communication Platforms for local businesses.
What you will be doing:
- Serve as Security voice to product teams; identifying security gaps before they arise and helping provide remediation recommendations for any issues identified in the platform
- Providing understandable and transparent rationale for security decisions to all stakeholders
- Working with the rest of the Security team to maximize product security coverage
- Help to further the Security education amongst the engineers of Podium
- Building new application security measures to impact the platform as a whole
- Conducting Threat Modeling and Risk Assessment exercises for various services across our platform
What you should have:
- Minimum of 3+ years of experience securing Web Applications and APIs
- 2+ years of Software / Web Development experience
- High-level software development skills; basic scripting, functional programming experience, familiarity with code repositories and deploy pipelines, etc.
- Familiarity with common web application vulnerabilities and knowledge of common penetration tools such as Burp, ZAP, nmap, etc.
- Basic understanding of network security and networking protocols such as TCP, UDP, HTTP and best practices for implementation.
- An understanding of microservices-oriented architecture and the associated security pitfalls.
- Excellent communication and interpersonal skills, with the ability to effectively communicate complex security concepts to technical and non-technical stakeholders.
- Strong analytical thinking, problem-solving, and decision-making abilities, particularly in high-pressure situations.
- Proven track record of staying current with the latest security trends, threats, and technologies, and applying them effectively in a corporate environment.
What we hope you have:
- Experience in any of these core technologies: Elixir, Ruby, React, and/or Python
- Experience with other SaaS apps, specifically with focuses on VOIP solutions or mobile apps
- Been an active member in the security community (e.g. OSS Contributions, OWASP, conference talks, CTFs, etc.)
- Penetration testing experience