This job post is closed and the position is probably filled. Please do not apply.
🤖 Automatically closed by a robot after apply link was detected as broken.
Description:
As a Senior Application Security Engineer, you will improve Glassdoor's application security posture and ensure the platform's safety for millions of customers worldwide.
You will analyze, test, and triage application vulnerabilities, manage the public bug bounty program, and participate in code and product security reviews.
The role involves helping developers integrate security into their daily workflows and CI/CD processes.
You will collaborate closely with Product and Engineering teams, vendors, and external testers, requiring strong interpersonal skills.
Responsibilities include advocating for application security, developing a risk-based application security program, and enhancing the bug bounty program and security tool stack.
You will identify patterns in application vulnerabilities and work with Engineering teams to address root causes.
The position requires participation in strategic decisions regarding application security framework, processes, and technology.
You will execute security-focused code, architecture, and integration reviews, coordinate penetration testing, and drive remediation efforts.
Staying updated on the latest security issues and technologies is essential.
You will own and improve process and procedural documentation and participate in an on-call rotation for Security Operations alert response.
Daily activities will include assisting with the Security team's functions to maintain security posture and compliance commitments.
Requirements:
A commitment to contribute to Glassdoor's culture of diversity, equity, and inclusion is essential.
You must have 5+ years of experience in web application penetration testing or a security-focused application development role.
Preferred certifications include AWS Security, CISSP, CEH, GWEB, GCIH, or equivalent.
Deep knowledge of cybersecurity frameworks, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten, is required.
You must have a strong understanding of cryptography, authentication, and authorization protocols and standards, including SSL/TLS, SAML, OAuth, and JWT.
A relentless desire to ethically break into systems and communicate attack scenarios and mitigation options is desired.
The ability to read and understand Java, JavaScript, and Python is necessary.
Experience in automating repetitive tasks using Python or other scripting languages is a plus.
You should be able to work effectively in a diverse, fast-paced environment and collaborate across teams.
Outstanding written and oral communication skills are required, with the ability to articulate clearly to both technical and functional audiences.
Benefits:
The base salary range for this position is $112,200.00 - $149,000.00, targeted to the market 75th percentile for technical roles.
An annual bonus target of 10% is offered, paid in 6-month intervals aligned with performance reviews.
Generous Restricted Stock Units (RSU) are awarded at hire and may be refreshed annually, with additional awards for exceptional performance.
Health and wellness benefits include 100% employer-paid premiums for employee medical, dental, vision, life, and disability insurance, along with 80% employer-paid premiums for dependents.
Generous paid time off programs are provided for birthing and non-birthing parents, as well as paid injury/illness leave and family emergency leave.
An open Paid Time Off policy is available, in addition to 15-20 paid company holidays per year.
A 401(k) plan with a company match up to $5,000 per year is offered, along with subsidized fertility and family planning services and discounted legal assistance services.
Glassdoor promotes a culture of diversity and inclusion, career growth opportunities, and flexibility in work arrangements.