Headquarters: Leesburg, VA
PhishMe's Engineering team is seeking an Application Security Engineer to assist the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.The successful candidate must have professional work experience. This is a full-time position working for PhishMe, Inc.
Outsourced or software development contractors will NOT be considered.ResponsibilitiesReview merge requests from Development and Production Engineering teams to proactively address security concerns beforechanges are merged to masterValidate and address findings from static analysis toolsPerform routine internal penetration testingDevelop and evangelize secure programming standardsConduct periodic internal software security auditsValidate, address, and document responses to security findings from third-party penetration testing engagementsOther responsibilities as requestedThe above statements are neither intended to be an all-inclusive list of the duties and responsibilities of the job described, nor are they intended to be a listing of all of the skills and abilities required to do the job.
Rather, they are intended only to describe the general nature of the job.
This job description is not a contract of employment, either express or implied.
Employment with PhishMe will be voluntarily entered into and your employment is considered at will.
PhishMe reserves the right to alter the job description at any time without notice. QualificationsSuccessful applicants must be:Passionate about application securityA self-starter who can identify work that needs to be done without waiting for directionAble to work effectively and be pragmatic as part of a remote team in a dynamic business environmentComfortable working independently but able to escalate problems when necessaryDemonstrate strong oral and written communication skillsEager to learn; able to understand and apply new things relatively quicklyWilling to mentor and guide fellow team members kindly and constructivelyEnjoy sharing knowledge via documentationCan work for eight solid hours per day where at least five overlap with 8am to 6pm EasternAvailable to work off-hours as necessaryHappy to travel occasionally for team meetings and eventsYour experience should demonstrate that you:Have extensive professional experience in information security, as a vulnerability researcher, QS engineer, or developerAre able to read and write Ruby codeCan write PoC code and documentation that clearly demonstrate vulnerabilitiesAre proficient with or able to quickly learn automation tools such as SeleniumAre able to find solutions to challenging technical puzzles with atypical constraintsCan effectively use git and understand common SCM workflowsAre able to write code that is intentional and readable rather than magically obscureEnjoy tinkeringIt would really be outstanding if you:Have previous professional, full-stack app-sec experienceCan list and demonstrate examples of the OWASP Top 10; have experience playing with railsgoatHave deep knowledge of the Ruby on Rails and Java Spring web frameworksAre familiar with BDDHave working knowledge of AWS or other cloud computing platformsHave used static analysis tools such as Brakeman and Bundler-AuditHave experience using CI environments (Jenkins/Docker)Are familiar with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprisesCan comfortably use advanced git features such as rebase, rebase -i, merge --no-ffHave attained a four-year degree in something (…anything)Have customer support experience (retail, help desk, consulting, etc.)Include a link to GitHub/GitLab/Bitbucket profileCompensationCompetitive salary and stock options401k with company matchHealth, vision, dental, disability, life insuranceTelecommuting expense reimbursementLocationLeesburg, VA or US Telecommute PhishMe is committed to equal employment opportunity.
We will not discriminate against employees or applicants for employment on any legallyrecognized basis [protected class] including, but not limited to: veteran status, uniform service member status, race, color, religion, sex, national origin, age, physical or mental disability, genetic information or any other protected class under federal, state, or local law.
To apply: To apply for this position, please follow the link below: