Product Security Engineer

The Position
Do you dream about creating a more sustainable future? At Uplight, we are motivating energy users and providers to accelerate the clean energy ecosystem. Working with over 90 of the world's leading electric and gas utilities, Uplight provides an end-to-end customer energy experience. Uplight delivers personalized experiences that customers have now come to expect-improving satisfaction, increasing revenue, reducing the cost to serve, and contributing to carbon reduction goals. We are B Corp certified, enabling us to put our values into action by not only making decisions for the benefit of our shareholders, but also for our customers, environment, employees, and community.
We are seeking a Product Security Engineer to join our team and help us achieve our ambitious goals for our business and the planet.
What you get to do:
As a Product Security Engineer, you will:

• Contribute to Uplight's secure SDLC
• Train developers, architects, code reviewers, and others on secure coding practices
• Serve as the subject matter expert for Application Security, providing guidance to Engineering and Product teams
• Work with the product and engineering teams to perform threat modeling, design/code reviews, static/dynamic code analysis, and vulnerability assessments in a continuous integration and delivery (CI/CD) environment
• Assist in responding to prospect and customer product and industry security questions
• Maintain awareness of known vulnerabilities in application technologies used within Uplight
• Research any reported or suspected application vulnerabilities

Skills and experience are necessary, but we hire on value alignment first, so if you feel you would be a good fit with us, still consider applying.
What you will contribute:

• Help develop and implement secure coding & secure design principles
• Perform threat modeling, design/code reviews, and vulnerability assessments
• Subject matter expertise in product and application security
• Help identify risk patterns and offer proactive defense suggestions
• Investigate and respond to security incidents, automating the investigation and/or remediation where possible

What you bring to Uplight:

• 3+ years of AppSec/Product Security experience
• Expert-level understanding of modern web technologies, mobile, and web application security
• Thorough understanding of both OWASP Top 10 and OWASP API Top 10, and corresponding best practices for mitigation
• Prior experience securing web applications, including performing security code reviews, vulnerability assessments, and manual testing for logic flaws
• The ability to perform threat modeling of web applications
• The ability to effectively partner and communicate with Engineering and Product teams

Bonus points:

• Development experience with Docker, Kubernetes, or APIs
• Familiarity with compliance frameworks such as SOC2, ISO27001, etc.

What makes working at Uplight amazing:
In addition to all the standard medical and dental benefits, that kick in Day 1, we are:

• Proud to be over 500+ purpose-driven individuals helping to create a more sustainable planet.
• Committed to the environment, our employees, and our communities.
• Focused on career growth by following defined career ladders.
• Committed to taking our work and mission seriously and....we love to laugh!

We also provide:

• 401k Match
• Medical, vision, and dental insurance
• Monthly wellness stipend
• Peer to peer recognition program
• Management by objectives bonus plan
• Innovative flexible time off policy
• Exceptionally collaborative and cool office spaces

Salary Range: $130,000 to $150,000
In accordance with the Colorado Equal Pay for Equal Work Act, the approximate annual base compensation range is listed above. The actual offer, reflecting the total compensation package and benefits, will be determined by a number of factors including the applicant's experience, knowledge, skills, and abilities, as well as internal equity among our team.
Uplight provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type without regard to race (including hair texture and hairstyles), color, religion (including head coverings), age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.