Application Security Engineer (Chicago)

LaBine & Associates - Chicago, IL

Our client's mission is to build an open financial system, and the Security Team serves a vital role ensuring that system stays safe. The Product Security team exists to protect our outermost surface area to that digital currency: the web and mobile apps our customers use and love every day. Part Architect, part Engineer, part Evangelist, and part traditional Application Security, the Product Security team is tasked with doing what’s right to help the Product Engineering teams deliver default secure products.

Responsibilities

  • You will be working closely with a handful of product teams, helping them ship default secure, default private features and products.
  • As appropriate, you will be doing Architecture reviews and Threat Modeling of critical engineering work.
  • You will help us scale the capacity and capability of the security team through automation, documentation, and safe default templating. One of our mottos is ‘Never the same bug twice’. This is, undoubtedly, the most important way for us to scale default safely.
  • As developers interact with critical code paths, you will be asked to provide code reviews and feedback on the proposed changes.
  • You will review, pentest, and analyze existing code bases to uncover vulnerabilities, and help teams fix the bugs you find.
  • Based out of Chicago, we expect you to be working quite closely with our Markets team as they build the next iteration of our backend system.

Requirements

  • Programming experience or ability in one of our core languages. At current inventory, we use Ruby (Sinatra & Rails), Golang, JavaScript (Server & client flavors), Java/C++ (physical trading engine stack), Python (Data/ML stack), and Swift/Kotlin (among others for the mobile stack). You don’t need to be a whiz, but we expect you to be able to write enough to push out fixes and simple features.

  • Fluency in a risk and threat modeling methodology. You don’t need to be able to rattle off everything in the CWE as you iterate through STRIDE, but structure and fluidity in your analyses will really help you communicate efficiently across teams.

  • Mobile or Web Application Security experience. Be it source code audit, penetration testing, bug bounty triage, or code reviews, you’ll be expected to examine code with security-critical eyes.

  • Strong written and verbal communication skills, specifically on security topics. The work our team does is consumed by a startling number of audiences, so being able to effectively communicate across those people will be invaluable in stopping confusion and saving roundtrips.

 



Posted On: Tuesday, May 28, 2019



Position Contact
Laura LaBine
Chief Talent Officer
(650) 393-3161