Application Security Engineer

Job Title: Application Security Engineer

Location: Remote - US 

THE OPPORTUNITY:

Although we’re proud of our history, we’re even more excited about the future. We want to create a world-class culture and company that attracts, develops, engages and retains elite talent.

At Salesloft, our Application Security Engineer will be pivotal to our company’s success. You will be a key member of our fast-growing and high-performing information security team and will work closely with our product and engineering teams to ensure we deploy a product that is resistant and resilient to cyber attacks.

On a day-to-day basis, you will be responsible for evaluating the security of the Salesloft platform and ensuring remediation of vulnerabilities. Specifically, you will be:

• Developing and maintaining software application security policies and procedures

• Providing technical leadership, guidance, and direction to the application development team

• Developing and maintaining documentation of application security controls

• Implementing software application security controls

• Designing technical solutions to address security weaknesses

• Analyzing system services, spotting issues in code, networks and applications

• Assist Engineering and Development teams in following security best practices while performing their tasks

• Assist with threat modeling and security reviews for proposed and existing platform components

• Perform targeted whitebox and/or blackbox penetration tests to discover gaps in security controls

• Facilitate external penetration testing activities with third party firms 

• Serve as the primary owner of the Salesloft bug bounty program and perform validation of new findings

• Consult with architecture teams on the secure development of platform components as well as the development of customer facing security features

• Analyze application security scans (e.g., SAST, DAST, container image scans, third party dependency scans) to ensure findings are appropriately prioritized to effectively reduce risks 

• Make recommendations for risk mitigation actions to development teams

• Build or recommend automated methodologies to add efficient security to our CI/CD
  

In addition to working with amazing colleagues who exemplify our ‘team over self’ core value, you will also have the opportunity to build a world class application security function. You will have an opportunity to make a difference. 

WHAT WE’RE LOOKING FOR:

We are seeking a seasoned application security professional who is excited about building and leveling up the application security maturity of Salesloft, helping to find and fix application vulnerabilities and mentoring our developers to build security in from the beginning of a development cycle. Specifically, you will play a pivotal role in building Salesloft’s application security program, establishing key processes that help development teams to manage and minimize risk while moving fast. 

If you’re looking for an opportunity to learn more, do more, and become more, then joining Salesloft as an Application Security Engineer is the career path for you!

THE TEAM:

Our Salesloft’s Information Security team comprises seasoned and up-and-coming Engineers and analysts who are the epitome of our core values: Put Customers First. Team Over Self. Focus on Results. Bias Towards Action. Glass Half Full.

THE SKILL SET:

• Minimum of 5 years of experience in Information Security or closely related fields

• Minimum of 2 years working with SDLC concepts and processes

• Ability to learn new technologies quickly

• Strong knowledge of web application security concepts, common attack techniques, threats and mitigations

• Familiarity with common programming languages and best practices for security methodologies with those languages

• Familiarity with Dynamic and Static AppSec testing technologies

• Ability to work collaboratively with senior management across multiple departments

• Ability to work effectively in a fast-paced, project-oriented environment

• Ability to prioritize and execute tasks

• Ability to handle sensitive and confidential information

• Ability to handle multiple tasks simultaneously

• Strong analytical and problem-solving skills

• Collaborative mentality by prioritizing ‘we’ and not focusing on ‘me’

• Strong communication skills with both technical and non-technical staff members

• Relevant industry certifications are desirable
  

WITHIN ONE MONTH, YOU’LL:

• Attend Salesloft’s New Hire Orientation, where you will learn our Salesloft story and understand what makes our “Lofters” unique 

• Begin 1:1’s with your manager, understand your 30-60-90 plan, meet & shadow current members of the Salesloft infosec and engineering team

• Learn the day-to-day operational cadence and become familiar with the infosec technology stack

• Understand the key performance indicators (KPIs) of the SalesLoft security team
  Learn and understand the mission, vision, and values of the SalesLoft security team

• Review and understand the SalesLoft risk assessment process as well as currently identified organizational security risks
  

WITHIN THREE MONTHS, YOU’LL:

• Act as a consultant, evaluating the effectiveness of the security program with a fresh set of eyes

• Learn Salesloft development environment and current security controls

• Understand key priorities of the Security Program for Salesloft

• Identify net new measures of success of the security program

• Understand metrics and goals of the SLDC and appsec security program

 WITHIN SIX MONTHS, YOU’LL:

• Take ownership of key projects and deliverables to enhance the application security program

• Become a subject matter expert in our existing application security controls

• Develop new process, policies, and technology to enhance the application security program

WITHIN TWELVE MONTHS, YOU’LL:

• Serve as a technical expert on SalesLoft’s platform application security controls and a point of escalation for identified issues

• Implement new technologies to increase our application security vulnerability and threat detection capabilities 

• Work with auditors and internal personnel to address application security questions and concerns

• Implement threat modeling procedures within the engineering and other departments
  

WHY YOU’LL LOVE SALESLOFT:

At Salesloft, we're not just a company, we're a community built on shared values. 

We put our customers first, prioritize our team over ourselves, focus on results, have a bias toward taking action, and choose to see the glass as half full. These values have been at the heart of our growth in becoming the #1 leader in sales engagement software, and we're still just getting started.

Salesloft helps sales teams drive more revenue with the only complete Sales Engagement platform available in the market. Salesloft is the one place for sellers and managers to go to execute all their digital selling tasks, communicate with buyers, understand what to do next, forecast with accuracy, and get the coaching and insights they need to win more deals. Thousands of the world’s most successful sales teams, like those at Google, 3M, IBM, Shopify, Square, and Cisco, drive more revenue with Salesloft.

Since our founding in 2011, we have grown into a global, award-winning organization with Lofters based all over the world. As a testament to our organizational health, we have been named by Forbes as one of America’s Best Startup Employers in 2021, Atlanta Business Chronicle’s 2022 Healthiest Employers, three times by Deloitte as a ‘Fastest-Growing Technology Company in North America,’ and have been recognized as a top workplace by Fortune, Glassdoor, Atlanta Journal-Constitution, and Inc Magazine. 

In addition to our stand-out organizational health, G2 recently ranked us #1 in Enterprise Sales Engagement and we were named a leader in the 2022 Forrester Wave for Sales Engagement. We received the highest possible score in 26 out of 30 criteria, more than any other vendor evaluated in our category. 

We’re redefining an age-old industry. This is challenging work – but our team of driven innovators makes the journey thrilling. We’re fast-paced, cutting-edge, and collaborative. We pursue excellence in everything we do and have a lot of fun along the way. Come join us!

Check us out on Glassdoor and see what people LOVE about working for Salesloft! 

IS THIS ROLE NOT AN EXACT FIT? Keep an eye on our Careers Page for other positions!

WHY SHOULD YOU WORK AT SALESLOFT:

• You will become part of an amazing culture with a supportive CEO and smart teammates who actually care

• You will work with an amazing team you can learn from and teach

• You will experience joining a high-growth/high-trajectory organization

• You will hear “Yes, let’s do that!” and then have the opportunity to successfully execute on your ideas

• You will build community with Lofters of many cultures and backgrounds through ERGs and DEI initiatives

• We have a vibrant, open office that utilizes modern technology

• You will grow more here than you would anywhere else, that is a promise
   

Salesloft embraces diversity and invites applications from people of all walks of life. We are proud to be an Equal Opportunity Employer and provide equal employment opportunities to all employees and applicants without regard to race, color, religion, sex, age, national origin, disability, veteran status, pregnancy, sexual orientation, or any other characteristic protected by law.

#LI-Remote