This job post is closed and the position is probably filled. Please do not apply.
🤖 Automatically closed by a robot after apply link was detected as broken.
Description:
As a Senior Application Security Engineer at Glassdoor, you will improve the application security posture and ensure the platform's safety for millions of customers globally.
You will analyze, test, and triage application vulnerabilities, manage the public bug bounty program, and participate in code and product security reviews.
The role involves helping developers integrate security into their daily workflows and CI/CD processes.
You will collaborate closely with Product and Engineering teams, vendors, and external testers, requiring strong interpersonal skills.
Responsibilities include advocating for application security, developing a risk-based application security program, and enhancing the bug bounty program and security tool stack.
You will identify patterns in application vulnerabilities and work with engineering teams to address root causes.
The position requires participation in strategic decisions regarding application security framework, processes, and technology.
You will execute security-focused code, architecture, and integration reviews, coordinate penetration testing, and drive remediation efforts.
Staying updated on the latest security issues and technologies is essential, as is maintaining process and procedural documentation.
Participation in an on-call rotation for Security Operations alert response is required, along with assisting with daily security team activities.
Requirements:
A commitment to contributing to Glassdoor's culture of diversity, equity, and inclusion is essential.
Candidates must have 5+ years of experience in web application penetration testing or a security-focused application development role.
Preferred certifications include AWS Security, CISSP, CEH, GWEB, GCIH, or equivalent.
Deep knowledge of Cybersecurity Frameworks such as NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten is required.
Candidates must have a strong understanding of cryptography, authentication, and authorization protocols and standards, including SSL/TLS, SAML, OAuth, and JWT.
A relentless drive to ethically break into systems and to communicate attack scenarios and mitigation options is desired.
The ability to read and understand Java, JavaScript, and Python is necessary.
Experience in automating repetitive tasks using Python or other scripting languages is a plus.
Candidates should be able to work effectively in a diverse, fast-paced environment and collaborate across teams.
Outstanding written and oral communication skills are required, with the ability to articulate clearly to both technical and functional audiences.
Benefits:
The base salary range for this position is $112,200.00 - $149,000.00, targeted to the market 75th percentile for technical roles.
An annual bonus target of 10% is offered, with bonuses paid in 6-month intervals aligned with performance reviews.
Generous Restricted Stock Units (RSU) are awarded at hire and may be refreshed annually, with additional grants for exceptional performers.
Health and wellness benefits include 100% employer-paid premiums for employee medical, dental, vision, life, and disability insurance, along with 80% employer-paid premiums for dependents.
Generous paid time off programs are provided for birthing and non-birthing parents, as well as paid injury/illness leave and family emergency leave.
An open paid time off policy is in place, in addition to 15-20 paid company holidays per year.
A 401(k) plan with a company match up to $5,000 per year is available, along with subsidized fertility and family planning services and discounted legal assistance services.
Glassdoor promotes a culture of diversity and inclusion, career growth opportunities, and flexibility in work arrangements.