Application Security Engineer

2 months ago


New York, United States Alloy Full time
Alloy is where you belong

Alloy solves the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers.

Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how we've been continuously recognized and named one of Inc. Magazine's Best Workplaces, Forbes America's Best Startup Employers, Best Fintech to Work for by American Banker, year after year.

Check out our investors and read more about us here.
About the team

Alloy's security team is supportive, focusing on enabling the engineers to seamlessly deliver high quality software that adheres to security best practices, instead of being gatekeepers. Security is extremely important at Alloy, so this will be a high impact role with a lot of scope for growth, leadership opportunities and learning.
What you'll be doing

Reporting into the Engineering Manager of Product Security, you will:
  • Assist in the evolution of our application security functions and services
    • Implement, configure and monitor our security tools to help us detect and respond to new types of threats. Improve efficiency and reliability of these tools through scripting and automation.
    • Act as a subject matter expert for security solutions
    • Assist junior security engineers with their development
    • Provide guidance and recommendations on application security best practices
    • Maintain knowledge of the latest security trends, threats, and countermeasures
    • Raise awareness about application security within Alloy
    • Foster a culture of security, encourage the adoption of secure practices, and work to ensure that security is considered at every level of the organization.
  • Work closely with engineering teams to secure their software throughout the entire software lifecycle from the design stage to monitoring post deployment
    • Ensure that change management processes are adhered to across all platforms.
    • Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline
    • Automate security checks and scans to identify and fix vulnerabilities early in the development process.
    • Conduct application security assessments and penetration tests to identify vulnerabilities and security issues
    • Provide guidance to developers on secure coding practices.
    • Collaborate with infrastructure and development teams to ensure that security measures are effectively implemented in production environments
  • Be a key player in Alloy's vulnerability management program
    • Discover application security issues in our code through penetration testing, source code review, and design review.
    • Analyze risk and triage issues based on severity. Communicate the issues to relevant teams with clear recommendations on how to fix them. Assist with fixing issues as needed.
    • Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
    • Report and document security findings and remediation activities
    • Troubleshoot production difficulties and performance constraints with security tooling, controls, and features.
    • Participate in Alloy's bug intake and remediation process
  • Stay vigilant and monitor ongoing security threats
    • Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
    • Perform ongoing log analysis and monitoring, and set up alerts that proactively flag concerning activity
    • Document security incidents and the extent of the damage caused by the incidents
    • Participate in incident response and handle activities related to application security incidents
    • Work closely with incident response teams to mitigate the impact of a breach. This may involve coordinating with other IT professionals, communicating with stakeholders, and assisting in the recovery process.
    • Investigate incidents, identify the cause, and implement measures to prevent similar incidents in the future.
    • Participate in on-call rotation
Who we're looking for

We're looking for Application Security Engineers to join our growing security team responsible for securing Alloy's applications, data and infrastructure. Application Security engineers work in cross-functional collaboration with the engineering and devops teams to manage application vulnerabilities, provide expertise on secure development practices and drive security and privacy initiatives. You have:
  • A combination of education, training, and experience
    • A Bachelor's Degree or comparable work experience
    • 2+ years of work experience in Application Security, Information Security, or Compliance
    • Commitment to continuous learning and ability to adapt to changing circumstances to stay ahead of the curve
    • Experience with programming languages (such as TypeScript/JavaScript, React, and Python); awareness of potential security flaws and secure coding practices
    • Familiarity with security frameworks and standards (OWASP Top Ten, ISO 27001)
    • Experience with security tools and technologies (SAST, IDS/IPS, firewalls, WAF, CSPM, SCA, CI/CD, IaC)
    • Experience with database and data storage design with an understanding of how database roles and permissions relate to attack surface.
    • Experience working in a cloud-hosted SaaS environment (preferably AWS)
    • Knowledge of public key infrastructure and of symmetric and asymmetric encryption.
    • Ability to critically evaluate the security of a system, identify potential vulnerabilities, and assess the impact of different security measures.
  • Communication skills
    • Ability to concisely communicate risk and recommendations for security issues to engineering teams
    • Excellent communication skills; able to articulate complex security concepts to developers and other stakeholders in an understandable way.
  • Ability to operate well in a project-oriented setting
    • Capacity to manage sensitive and secret information
    • Ability to handle numerous activities at once
    • Well developed analytical and problem-solving capabilities
    • Ability to work effectively in a team, respect different perspectives, and collaborate towards a common goal.
    • Demonstrated initiative, customer orientation, and teamwork competencies
At this point, we hope you're feeling excited about the job description you're reading. Even if you don't feel that you meet every single requirement, we still encourage you to apply.

At Alloy, we strive to attract & retain talent by providing compensation that is competitive with other organizations of our size & stage. We are committed to ensuring each candidate has what they need to be successful in their role with a balanced range of compensation, equity, perks & benefits. We actively share our compensation philosophy with employees, with the goal of fostering open and honest dialogue. Finally, we work to administer our philosophy and drive consistency in order to promote equity and monitor the fairness of each outcome.

We want people to feel comfortable expressing their true selves and to come, stay, and do their best work here.

This position has a minimum base salary of $140,000 and a midpoint base salary of $165,000. The base pay may vary depending on job-related knowledge, skills, and experience. In addition to a competitive base salary, this position is also eligible for equity awards in the form of stock options (ISOs).
Benefits and Perks
  • Unlimited PTO and flexible work policy
  • Medical, dental, vision plans with HSA (monthly employer contribution) and FSA options
  • 401k with 100% match up to 4% of annual employee compensation
  • Eligible new parents receive 16 weeks of paid parental leave
  • Home office stipend for new employees
  • Learning & Development annual stipend
  • Well-being benefits include access to OneMedical, Headspace, and more

We're a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?
How to Apply

Apply right here. You've found the application

Alloy is proud to be an equal opportunity workplace and employer. We're committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. We are committed to an inclusive interview experience and provide reasonable accommodations to applicants with visible and invisible disabilities. We encourage applicants to share needed accommodations with their recruiter.
