Senior Application Security Engineer II

📋 Description

• • Join Upside, a dynamic and rapidly growing company at the forefront of transforming brick-and-mortar commerce through innovative technology. We are seeking a highly skilled and motivated Senior Application Security Engineer II to play a pivotal role in enhancing our application security posture and enabling our engineering teams to build secure and robust software. This is an individual contributor role where you will have the opportunity to innovate, implement cutting-edge security solutions, and directly impact the security of our platform, which processes billions of dollars in commerce annually.
• • As a Senior Application Security Engineer II, you will report directly to the Director of Information Security and collaborate closely with various technology stakeholders across the organization. Your primary focus will be on leveraging your deep expertise in secure coding practices, payment systems, and modern cloud architectures to proactively identify, assess, and remediate application vulnerabilities. You will be instrumental in shaping and advancing our application security program, ensuring that security is integrated into every stage of the software development lifecycle.
• • A key aspect of this role involves innovating with Artificial Intelligence (AI) to develop and deliver advanced security solutions. You will explore and implement AI-driven approaches to detect and mitigate application vulnerabilities, staying ahead of emerging threats and enhancing our defensive capabilities. This forward-thinking approach will be crucial in maintaining our competitive edge and protecting our users and business.
• • You will be responsible for conducting comprehensive security code testing, including Static Application Security Testing (SAST) and Software Composition Analysis (SCA). By analyzing code and dependencies, you will identify potential security weaknesses and work collaboratively with our engineering teams to guide them in remediating these issues effectively. Your partnership with engineers will foster a culture of security ownership and empower them to write safer code.
• • Creating detailed threat models will be a significant part of your responsibilities. You will engage with technology teams to meticulously review and document potential risks associated with our applications and systems. This proactive risk assessment process will help us understand our attack surface and implement appropriate controls to mitigate identified threats.
• • You will serve as a trusted advisor to leadership, providing expert guidance on security architecture, secure design principles, and best application security practices. Your insights will influence strategic decisions and ensure that security considerations are embedded into the foundational design of our products and services.
• • A vital component of this role is to train and upskill our engineering teams. You will develop and deliver training programs focused on secure coding techniques, common vulnerability patterns, and effective vulnerability management strategies. By enhancing the security awareness and skills of our engineers, you will contribute to a more secure development environment across the company.
• • You will actively participate in and support penetration testing initiatives. This may involve coordinating with external security firms, analyzing test results, and ensuring timely remediation of identified findings. Additionally, you will assist in the management of our bug bounty program, fostering a community of ethical hackers to help us discover and address security vulnerabilities.
• • You will also provide support for the administration of AWS Control Tower and Identity and Access Management (IAM) provisioning. This includes ensuring secure and compliant configurations within our AWS environment, managing user access, and adhering to security best practices for cloud infrastructure.
• • Staying connected with the broader security community is essential. You will actively engage with industry peers, attend relevant conferences, and stay abreast of the latest security trends, emerging threats, and new technologies. This continuous learning will ensure that Upside remains at the forefront of application security.
• • This role offers a unique opportunity to make a substantial impact on a rapidly growing company that is revolutionizing commerce. You will be part of a talented and passionate team dedicated to building a secure and scalable platform that benefits millions of users and hundreds of thousands of businesses.