Remote Senior Application Security Engineer

This job is closed

This job post is closed and the position is probably filled. Please do not apply. Automatically closed by a robot after the apply link was detected as broken.

Description:

  • As a Senior Application Security Engineer, you will improve Glassdoor's application security posture and ensure the platform's safety for millions of customers worldwide.
  • You will analyze, test, and triage application vulnerabilities, manage the public bug bounty program, and participate in code and product security reviews.
  • The role involves helping developers integrate security into their daily workflows and CI/CD processes.
  • You will collaborate closely with Product and Engineering teams, vendors, and external testers, requiring strong interpersonal skills.
  • Responsibilities include advocating for application security, developing a risk-based application security program, and enhancing the bug bounty program and security tool stack.
  • You will identify patterns in application vulnerabilities and work with engineering teams to address root causes.
  • The role includes executing security-focused code, architecture, and integration reviews, coordinating penetration testing, and driving remediation efforts.
  • Staying updated on the latest security issues and technologies is essential.
  • You will own and improve process and procedural documentation and participate in an on-call rotation for Security Operations alert response.
  • Assisting with daily security team activities, including alert and incident response, is also part of the role.

Requirements:

  • A commitment to contributing to Glassdoor's culture of diversity, equity, and inclusion is essential.
  • You must have 5+ years of experience in web application penetration testing or a security-focused application development role.
  • Preferred certifications include AWS Security, CISSP, CEH, GWEB, GCIH, or equivalent.
  • Deep knowledge of cybersecurity frameworks, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten, is required.
  • You must have a strong understanding of cryptography, authentication, and authorization protocols and standards, including SSL/TLS, SAML, OAuth, and JWT.
  • A relentless drive to ethically break into systems and communicate attack scenarios and mitigation options is desired.
  • You should be able to read and understand Java, JavaScript, and Python.
  • The ability to automate repetitive tasks using Python or another scripting language is a plus.
  • You must be able to work in a diverse, fast-paced environment and collaborate effectively across teams.
  • Outstanding written and oral communication skills are necessary to articulate clearly to both technical and functional audiences.

Benefits:

  • The base salary range for this position is CAD $92,000.00 - $115,000.00, targeted to the market 75th percentile for technical roles.
  • An annual bonus target of 10% is offered, paid in 6-month intervals aligned with performance reviews.
  • Generous Restricted Stock Units (RSU) are awarded at hire and may be refreshed annually, with additional RSU grants for exceptional performers.
  • Glassdoor provides an open Paid Time Off policy, in addition to 15-20 paid company holidays per year.
  • The company promotes a culture of diversity and inclusion, career growth opportunities, and a supportive work environment.
  • Flexible hours and a remote-first work policy enhance work-life balance, allowing employees to manage professional and personal responsibilities effectively.