Application Security Engineer
1 day ago
Alloy solves the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers.
Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how we've been continuously recognized and named one of Inc.Magazine's Best Workplaces, Forbes America's Best Startup Employers, Best Fintech to Work for by American Banker, year after year.
Check out our investors and read more about us here.
About the team
Alloy's security team is supportive, focusing on enabling the engineers to seamlessly deliver high quality software that adheres to security best practices, instead of being gatekeepers. Security is extremely important at Alloy, so this will be a high impact role with a lot of scope for growth, leadership opportunities and learning.
What you'll be doing
Reporting into the Engineering Manager of Product Security, you will:
- Assist in the evolution of our application security functions and services
- Implement, configure and monitor our security tools to help us detect and respond to new types of threats. Improve efficiency and reliability of these tools through scripting and automation.
- Act as a subject matter expert for security solutions
- Assist junior security engineers with their development
- Provide guidance and recommendations on application security best practices
- Maintain knowledge of the latest security trends, threats, and countermeasures
- Raise awareness about application security within Alloy
- Foster a culture of security, encourage the adoption of secure practices, and work to ensure that security is considered at every level of the organization.
- Work closely with engineering teams to secure their software throughout the entire software lifecycle from the design stage to monitoring post deployment
- Ensure that change management processes are adhered to across all platforms.
- Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline
- Automate security checks and scans to identify and fix vulnerabilities early in the development process.
- Conduct application security assessments and penetration tests to identify vulnerabilities and security issues
- Provide guidance to developers on secure coding practices.
- Collaborate with infrastructure and development teams to ensure that security measures are effectively implemented in production environments
- Be a key player of Alloy's vulnerability management program
- Discover application security issues in our code through penetration testing, source code review, and design review.
- Analyze risk and triage issues based on severity. Communicate the issues to relevant teams with clear recommendations on how to fix them. Assist with fixing issues as needed.
- Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
- Report and document security findings and remediation activities
- Troubleshoot production difficulties and performance constraints with security tooling, controls, and features.
- Participate in Alloy's bug intake and remediation process
- Stay vigilant and monitor ongoing security threats
- Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
- Perform ongoing log analysis and monitoring, and set up alerts to be proactively alerted of concerning activity
- Document security incidents and the extent of the damage caused by the incidents
- Participate in incident response and handle activities related to application security incidents
- Work closely with incident response teams to mitigate the impact of a breach. This may involve coordinating with other IT professionals, communicating with stakeholders, and assisting in the recovery process.
- Investigate incidents, identifying the cause, and implementing measures to prevent similar incidents in the future.
- Participate in on-call rotation
We're looking for Application Security Engineers to join our growing security team responsible for securing Alloy's applications, data and infrastructure. Application Security engineers work in cross-functional collaboration with the engineering and devops teams to manage application vulnerabilities, provide expertise on secure development practices and drive security and privacy initiatives. You have:
- A combination of education, training, and experience
- A Bachelor's Degree or comparable work experience
- 2+ years of work experience in Application Security, Information Security, or Compliance
- Commitment to continuous learning and ability to adapt to changing circumstances to stay ahead of the curve
- Experience with programming languages (such as TypeScript/JavaScript, React, and Python); awareness of potential security flaws and secure coding practices
- Familiarity with security frameworks and standards (OWASP Top Ten, ISO 27001)
- Experience with security tools and technologies (SAST, IDS/IPS, firewalls, WAF, CSPM, SCA, CI/CD, IaC)
- Experience with database and data storage design with an understanding of how database roles and permissions relate to attack surface.
- Experience working in cloud hosted SAAS environment (preferably AWS)
- Knowledgeable on public key infrastructure, symmetric and asymmetric encryption.
- Ability to critically evaluate the security of a system, identify potential vulnerabilities, and assess the impact of different security measures.
- Communication skills
- Ability to concisely communicate risk and recommendations for security issues to engineering teams
- Excellent communication skills; able to articulate complex security concepts to developers and other stakeholders in an understandable way.
- Ability to operate well in a project-oriented setting
- Capacity to manage sensitive and secret information
- Ability to handle numerous activities at once
- Well developed analytical and problem-solving capabilities
- Ability to work effectively in a team, respect different perspectives, and collaborate towards a common goal.
- Demonstrated initiative, customer orientation, and teamwork competencies
At Alloy, we strive to attract & retain talent by providing compensation that is competitive with other organizations of our size & stage. We are committed to ensuring each candidate has what they need to be successful in their role with a balanced range of compensation, equity, perks & benefits. We actively share our compensation philosophy with employees, with the goal of fostering open and honest dialogue. Finally, we work to administer our philosophy and drive consistency in order to promote equity and monitor the fairness of each outcome.
We want people to feel comfortable expressing their true selves and to come, stay, and do their best work here.
This position has a minimum base salary of $140,000 and a midpoint base salary of $165,000. The base pay may vary depending on job-related knowledge, skills, and experience. In addition to a competitive base salary, this position is also eligible for equity awards in the form of stock options (ISOs).
Benefits and Perks
- Unlimited PTO and flexible work policy
- Medical, dental, vision plans with HSA (monthly employer contribution) and FSA options
- 401k with 100% match up to 4% of annual employee compensation
- Eligible new parents receive 16 weeks of paid parental leave
- Home office stipend for new employees
- Learning & Development annual stipend
- Well-being benefits include access to OneMedical, Headspace, and more
We're a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?
How to Apply
Apply right here. You've found the application
Alloy is proud to be an equal opportunity workplace and employer. We're committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. We are committed to an inclusive interview experience and provide reasonable accommodations to applicants with visible and invisible disabilities. We encourage applicants to share needed accommodations with their recruiter.
-
Application Security Engineer
4 weeks ago
New York, New York, United States Sirius XM Radio Inc Full timeJob Summary:The Application Security Engineer will play a crucial role in supporting SiriusXM technology objectives by providing tools, guidance, and continuous support to ensure the security success of our software and applications.Key Responsibilities:Build and document security features to enable developers to write secure code.Facilitate the...
-
Application Security Engineer
4 months ago
New York, United States Sirius XM Radio Inc Full timeWho We Are: SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners -- in the car, at home, and anywhere on the go with connected devices. Our vision is to...
-
Senior Application Security Engineer
1 month ago
New York, United States Emergent365 Full timeSenior Application Security Engineer*This position is highly technical. As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues,...
-
Senior Application Security Engineer
2 days ago
New York, United States Tbwa ChiatDay Inc Full timeHeadway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept...
-
Senior Application Security Engineer
1 month ago
new york city, United States Emergent365 Full timeSenior Application Security Engineer*This position is highly technical. As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues,...
-
Senior Application Security Engineer
3 weeks ago
new york city, United States Emergent365 Full timeSenior Application Security Engineer*This position is highly technical. As a Senior Application Security Engineer, your role involves close collaboration with software development teams to ensure the safety of our customers during the development of innovative services. On any given day, your tasks may include code inspections to identify security issues,...
-
Software Engineer II
2 weeks ago
New York, United States Abnormal Security Full timeJob DescriptionJob DescriptionAbout the RoleAbnormal Security is hiring a Software Engineer to join the Threat Response Engine team, an essential part of our mission to protect global enterprises from diverse and evolving email threats. At Abnormal, we've taken a novel approach to email security, utilizing behavioral AI to identify and counter complex...
-
Senior Application Security Engineer New
2 weeks ago
New York, United States Tbwa ChiatDay Inc Full timeHeadway’s mission is a big one – to build a new mental health care system everyone can access. We’ve built technology that helps people find great therapists with the first software-enabled national network of providers accepting insurance.1 in 4 people in the US have a treatable mental health condition, but the majority of providers don’t accept...
-
Application Security Engineer
4 weeks ago
New Brunswick, United States Robert Half Full timeJob DescriptionJob DescriptionWe are seeking an experienced Application Security Engineer to safeguard our software applications and ensure the security of all stages of the development process. The successful candidate will collaborate with development teams to implement security best practices, identify vulnerabilities, and work on secure coding standards....
-
Application Security Engineer
2 months ago
New Brunswick, United States Robert Half Full timeJob DescriptionJob DescriptionWe are seeking an experienced Application Security Engineer to safeguard our software applications and ensure the security of all stages of the development process. The successful candidate will collaborate with development teams to implement security best practices, identify vulnerabilities, and work on secure coding standards....
-
New York, United States Capital One Full timeAs an Application Security Engineer, Principal Associate at Capital One, you will play a critical role in securing our applications to meet the high standards of one of the most security-focused organizations in finance and technology. You will work on cutting-edge security products for various platforms and technologies, operating at massive scale....
-
Principal Associate, Application Security Engineer
2 months ago
New York, United States Capital One Full timeCenter 3 (19075), United States of America, McLean, VirginiaPrincipal Associate, Application Security EngineerApplication security is one of our highest priorities at Capital One. As a Capital One customer, you benefit from an environment built to meet the requirements of one of the most security-sensitive organizations in not only the financial industry,...
-
Head of Application Security
2 months ago
New York, United States MarketAxess Full timeAbout Us MarketAxess is on a journey to digitally transform one of the world’s largest financial markets, enabling the shift from analog, phone-based trading to a fully electronic marketplace. Why does this matter? Because our platform makes trading fixed-income more accessible, ultimately improving transparency, efficiency, and competition in the...
-
NEW YORK, United States Capital One Careers Full timeCenter 3 (19075), United States of America, McLean, VirginiaPrincipal Associate, Application Security EngineerApplication security is one of our highest priorities at Capital One. As a Capital One customer, you benefit from an environment built to meet the requirements of one of the most security-sensitive organizations in not only the financial industry,...
-
Application Security Testing Engineer
2 weeks ago
New Braunfels, United States Lcp Tracker Inc Full timePosition DescriptionApplication Security EngineerPosition SummaryLCPtracker is seeking a skilled Application Security Engineer to join our dynamic security team. In this role, you will be responsible for implementing security best practices within our software development lifecycle, identifying vulnerabilities, and collaborating with development teams to...
-
Application Security Testing Engineer
1 week ago
New Braunfels, United States Lcp Tracker Inc Full timePosition DescriptionApplication Security EngineerPosition SummaryLCPtracker is seeking a skilled Application Security Engineer to join our dynamic security team. In this role, you will be responsible for implementing security best practices within our software development lifecycle, identifying vulnerabilities, and collaborating with development teams to...
-
IT Security Engineer
4 weeks ago
New York, United States NYC Health Hospitals Full timeMetroPlusHealth provides the highest quality healthcare services to residents of Bronx, Brooklyn, Manhattan, Queens and Staten Island through a comprehensive list of products, including, but not limited to, New York State Medicaid Managed Care, Medicare, Child Health Plus, Exchange, Partnership in Care, MetroPlus Gold, Essential Plan, etc. As a wholly-owned...
-
Application Security Testing Engineer
2 weeks ago
New Braunfels, United States Lcp Tracker Inc Full time $43 - $52Position DescriptionIs this the next step in your career Find out if you are the right candidate by reading through the complete overview below.Application Security EngineerPosition SummaryLCPtracker is seeking a skilled Application Security Engineer to join our dynamic security team. In this role, you will be responsible for implementing security best...
-
Security Engineer
4 weeks ago
New York, United States Nationstaff Full timeAbout This Role We are seeking a highly capable Security Engineer / Senior Security Engineer, who will be responsible for various technical and cryptographic security aspects. This role requires a certain range of experience and an in-depth understanding of security engineering facets. Primary ResponsibilitiesPerform security analysis/audits/reviews/testing,...
-
Security Engineer
4 weeks ago
New York, United States Motion Recruitment Full timeOur client is looking for a Security Engineer to lead their security initiatives and protect sensitive company data. The role involves developing security tools, automating workflows, responding to incidents, and collaborating with engineering teams to ensure data security and governance. Ideal candidates will have, hands-on experience in DevOps/DevSecOps...
