Application Security Engineer

Stripe


2 weeks ago

06/12/2019 10:36:38

Job type: Full-time

Hiring from: North America only

Category: Software Dev


Stripe’s application security team is responsible both for finding bugs in our public-facing applications and for designing and building mitigations for broad classes of bugs. We use and work on state-of-the-art tools, maintain the infrastructure that supports our efforts, and empower Product Engineering (who focus on anything from core payments APIs, to powerful dashboards, to mobile apps and consumer-facing products) to move quickly without compromising on safety. Because of the nature of Stripe’s product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join.

You will:

  • Develop general techniques and frameworks that will enable other engineering teams to find flaws before they are introduced into production

  • Be a security subject matter expert and respond to internal security engineering questions/requests

  • Work with other teams to help architect solutions that are inherently secure

  • Correctly balance security risk and product advancement

  • Perform penetration testing on our internal and external applications

  • Threat model existing applications

  • Support incident response when a security event occurs

  • Perform proactive research to detect new attack vectors

We’re looking for someone who has:

  • Implemented mitigations for common classes of bugs in a popular web framework before

  • Software engineering experience in a production environment

  • A deep understanding of the web’s architecture

  • A knack for finding flaws in software and the ability to effectively communicate how to fix them

  • Strong communication skills and experience working closely with a product team

  • The ability to think like an attacker and use that context to develop threat models


similar jobs

  • 1 week ago

    We are currently seeking a Senior Application Security Developer to join our Information Security team.  Are you someone who’s always probing and asking why, someone who enjoys finding smarter and more efficient solutions to problems and helping teams level-up their security practices? If you have a strong operations background with a passion for security and experience in cloud-first environments, then we want to talk to you.

    Founded in Vancouver, Canada in 2008, Clio is transforming the practice of law, for good. Whether it's our industry-leading cloud-based practice management platform, our ground-breaking Legal Trends Report or our ever-popular Clio Cloud Conference, Clio is at the forefront of advancing the legal sphere.

    With the help of the cloud, we make lawyers’ lives simpler and help them better organize and manage their legal practices. As one of Canada’s fastest-growing companies with international reach, we employ over 250 individuals with a rapidly growing customer base spanning 90 countries. Clio has been recognized as one of CIX’s Top 20 Most Influential Technology Companies, one of Canada’s Top Small & Medium Employers, and has one of Canada’s 10 Most Admired Corporate Cultures. Additionally, for the last two years, we have been recognized on Deloitte's Fast50 and Fast500 lists.


    What you'll be doing:

    • Mentoring and sharing best security practices;

    • Develop and implement tools to help developers avoid security flaws;

    • Build partnerships with development teams and provide expertise in security best practices;

    • Contribute to driving security awareness and knowledge amongst the product organization;

    • Provide detailed guidance and support to teams in vulnerability remediation;

    • Identify and implement tools for automated application scanning, static analysis and related tools;

    • Perform penetration testing;

    • Perform reactive incident response when a security event occurs;

    • Perform proactive research to detect new attack vectors;

    • Elevate and educate our security culture within Clio, contributing to our cultural values of “No doors, only windows” and “Live a learning mindset”.

    Who you are:

    • A curious person who is willing to ask many questions;

    • Someone who loves learning new things and developing creative security solutions for a fast growing, continuous integration environment;

    • 5+ years experience in some combination of the following disciplines: web application security, cloud security, infrastructure security, penetration testing, secure software development, security tools development, architecture review and threat modelling;

    • Experience with AWS, Ruby on Rails, Python, JavaScript and other modern open source languages and tools.

     

    Why would you want to work here:

    We offer a great compensation package, 3 weeks vacation, a fun work environment, a great benefits plan, and an opportunity to be part of a great growth story with unlimited potential. We are looking for owl-drawers and team builders—people who work hard and play for keeps. We hire the brightest, most driven people in tech, and boast alumni from Google, Salesforce, Facebook, Amazon and LinkedIn on our team. Come and join them!

    Location:

    We are preferably looking for someone to be in our world-class office in Vancouver or Calgary. We are also open to remote options in similar time zones. 

    Need more reasons? Here are some things that make us awesome:

    • The chance to do work that matters on a product that truly changes lives. This is the place for driven people who want to make their mark.

    • The freedom to choose your own path (and change it) to build a meaningful career that works for you.

    • Excellent health and dental coverage, vacation time, parental leave options and education spending

    • An RRSP matching program

    • Regular games nights and team outings with the best coworkers you’ll ever work with

    We believe that ensuring diversity and inclusion will produce a better place to work and a better product. We encourage all candidates to apply.

  • 2 weeks ago

    Brave is looking for an experienced data engineer who can help us stay one step ahead of fraud in our Brave Rewards ecosystem.  This position is vital to help us make sure that rewards go to Brave users and creators, not to bad actors. We are looking to refine, automate, and expand the BAT ecosystem’s anti-fraud processes, and build more of the necessary tooling over time.  We are looking for somebody who always prefers a simple solution over a complex one and who can take whole solutions from end to end.


    Requirements

    • Experience with Python, JavaScript, Ruby, C++, Go, Java or other similar language

    • Experience with SQL, Postgres, and building analytics queries

    • Experience building robust API endpoints

    • Experience with complex data flow/analytics infrastructure, e.g. Kafka, Kinesis, Redshift

    • Experience stopping bad actors in a system, e.g. ad fraud, e-commerce fraud

    • A working understanding of fraud vectors, both small scale (client-side hacks) and large scale (botnets)

    • Experience with software development via distributed development teams

    • Comfortable working in an open source setting

    • A passion for helping protect users’ privacy and security

    • Written and verbal communication skills in English

    • Proven record of getting things done

    Bonus Points

    • Have built/trained statistical / machine learning models at scale to solve real-world problems

    • Experience with ad-tech / marketing tech ecosystem

    • Familiarity with the world of cryptocurrency, especially Ethereum

  • 2 months ago

    Bishop Fox is a leading security consulting firm serving the Fortune 1000 and high-tech startups. We protect our clients by finding vulnerabilities and building defenses before the attackers can break bad. From critical infrastructure to credit cards; social media to mobile games; flight navigation systems to frozen waffle factories — we’re right there hacking away.

    We’re seeking remote senior penetration testers to join our team – and help us build a more secure world.

    Who You Are and What You’ll Do

    You are a born penetration tester; you see problems (and solutions) in everything. You instinctively know your way around source code. You’ve plundered apps and pillaged networks (legally, of course). You have a passion for hacking that goes beyond a career – it’s a way of life for you. At this point, you may have accumulated a few disclosures, blog posts, or talks under your belt. If given the chance, you could probably Hack the Gibson.

    With Bishop Fox, your responsibilities would include testing smart devices before they hit the market, hacking networks, and reversing software. Some days, you’ll be red teaming wireless networks and participating on social engineering engagements. Other days, you’ll be analyzing source code and building threat models. Every day at Bishop Fox, you’ll be learning.

    As a consultant, you’ll solve challenging technical problems and build creative solutions. As a trusted advisor, you’ll provide your expert opinion to help our clients navigate difficult business decisions. And as a senior penetration tester, you’ll lead teams on one-of-a-kind engagements, mentor co-workers, and contribute significantly to the advancement of our consulting practice.

    Why Bishop Fox

    Bishop Fox offers competitive salary, generous benefits, flexible schedules, and negotiable travel. If you’re looking for opportunities to grow professionally, this is the place. You’ll work alongside some of the most talented and experienced security consultants in the industry.

    We have a casual workplace environment, but we’re consummate professionals.

    Your Education and Experience

    Our wants are simple: be good at and, most importantly, love what you do. Here’s a list of qualities we’re looking for, but don’t think that you need them all: 

    • Vulnerability assessment
    • Penetration testing and code review
    • Understanding security fundamentals and common vulnerabilities (e.g., OWASP Top Ten)
    • 2 - 5 years of application security experience
    • More than 3 years of security consulting experience
    • Additional experience in IT, security engineering, system and network security, authentication and security protocols, and applied cryptography
    • Scripting/programming skills (e.g., Python, Ruby, Java, JS, etc.)
    • Network and web-related protocol knowledge (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols)
    • Federal and industry regulations understanding (e.g., PCI, SOX, GLBA, ISO 17799, HIPAA, CA1386)
    • Strong communication skills (i.e., written and verbal)
    • CISSP, OSCP/E, GWAPT, GPEN, or GXPN certifications are helpful, but not a necessity
    • Advanced relevant academic training is a definite bonus
    • The self-discipline to work independently; as a remote worker, the same will be asked of you as all Bishop Fox team members.

    Candidates across the country (or even the world) are welcome to apply.

    Interested? Drop us a line today.
