Application Security Engineer

Cash compensation range: $123,000 - $145,000 USD annually + equity

The Stride team is seeking an experienced Application Security Engineer to enhance our Security program. As part of our small security team, you will collaborate with the Director of Security and Compliance to shape the future of our overall security program and strengthen Stride's system security. As the primary AppSec engineer, your role will focus on shifting security left, ensuring the safety and resilience of our applications. You will work closely with our application engineering teams, integrating security best practices into the development lifecycle, and advancing our organization's overall security posture. We are looking for a collaborative partner who can identify and resolve vulnerabilities, streamline security practices in development pipelines, and develop innovative solutions.

Our engineering teams primarily use Javascript, Python, Swift, and Kotlin. Our frontend is written in Typescript with React and Redux. We employ Terraform for Infrastructure as Code, with all components containerized on AWS and deployed using CI/CD.

Responsibilities:

• Collaborate with engineering teams to reduce vulnerabilities using a risk-focused framework.
• Develop and deliver training on secure coding practices, vulnerability management, and the secure development lifecycle.
• Identify, set up, and maintain application security tooling, including static and dynamic scanning solutions (SAST and DAST) and reporting.
• Advise and oversee the secure design and configuration requirements of key application projects to ensure the implementation of security requirements.
• Collaborate with development teams to validate vulnerability scanning and penetration testing results, and assist in devising remediation solutions for identified issues.
• Conduct threat modeling and risk assessment exercises to mitigate potential attack vectors.
• Act as a subject matter expert, providing guidance on application security matters to engineering and management teams.
• Maintain documentation of application security controls.
• Implement software application security controls.
• Design technical solutions to address security weaknesses.
• Communicate effectively and organize effectively to collaborate with engineering teams and address security issues.
• Utilize project management skills to oversee long-term remediation projects.

Qualifications:

• 3+ years of experience in application security or a related field, preferably within a DevSecOps environment.
• Proficiency in Python, Javascript, and PostgreSQL, with a specific emphasis on Python scripting.
• Familiarity with security tools and frameworks, including SAST and DAST.
• Understanding of vulnerability management.
• Solid understanding of secure coding best practices and the security aspects of application architecture.
• Experience reviewing technical designs and proactively identifying risks in collaboration with engineers.
• Ability to develop and maintain documentation of application security controls.
• Proficiency in implementing software application security controls.
• Capability to design technical solutions to address security weaknesses.
• Strong communication and organizational skills to collaborate effectively with engineering teams and resolve security issues.
• Project management experience for overseeing long-term remediation projects.

Nice-to-haves:

• Strong knowledge of AWS security best practices and tools.
• Solid understanding of threat modeling and risk assessment methodologies.
• Familiarity with container security and orchestration tools, such as Docker and Kubernetes.
• Experience in building a product security program or being an early member of a security team, contributing to scaling a security program.

#LI-RR