Lead Application Security Engineer

Location: Remote, United States

We are looking for an exceptional Lead Application Security Engineer to kickstart ngrok’s security engineering capabilities. This individual will be responsible for building a scalable application security program and ensuring the continuous security of ngrok products.

To succeed in this role, this engineer will need to drive security into development by performing architecture and design reviews, threat modeling, code reviews, and application security testing. They will need to develop partnerships with engineering and product teams to diagnose, document and remediate any security vulnerabilities identified. It will be important for this person to implement easy ways for developers to adopt secure development practices.

• Perform security reviews and provide guidance for new products and existing systems. Work with engineering to detail any issues found, provide recommendations, and validate that they’ve been resolved. 
• Execute vision and standards around security/quality/observability/clean code.
• Develop security tools and processes with an emphasis on self-service, automation, performance, and scalability.
• Designing and implementing a secure development life cycle (design reviews, CI / CD integrations, bug bounty program).
• Create secure libraries and tooling as a foundation for our engineering teams.
• Assist with customer / vendor / compliance security requirement implementation and assessments.

• 5-10 years of experience in product or application security. 
• Experience in assessing product features before release to ensure desired security posture. 
• Experience in building application security capabilities in prior roles. 
• Demonstrable knowledge of OWASP Top 10 and attack vectors and an understanding of container security (Kubernetes, Docker).
• Comfortable with Go, Rust, TypeScript, and Terraform codebases. 
• Good verbal and written communication skills that enable you to share and present your ideas with the engineering team. 
• Prior experience in a startup with a passion for big challenges, technology and a good sense of humor.
• US-based, and thus legally authorized to work in the United States.

Compensation for this role depends on level, but we provide a competitive mix of salary and equity.

We provide a 401(k) with a 100% match up to 3% of your salary and a 50% match up to another 2%.

We provide healthcare, dental, and vision with premiums fully covered on the base plan for employees. Half of premiums are covered for dependents.

We offer unlimited PTO and a culture in which the overwhelming majority of employees take more than four weeks. Your manager is also on the hook for encouraging you to do the same.

ngrok builds your network defined edge: bring auth, resiliency, and policy to any web service. This involves a lot of hard problems around networking (surprise, right?), reliability, and performance. We build tools for engineers in nearly every Fortune 500 company and are rapidly expanding our offerings targeted at production workloads and use cases.

Our company recruits individuals with a passion for building developer first tooling and a generative organization. We look for systems thinking, thoughtfulness, and a bias for getting things done. This requires building an inclusive organization that sets each individual up to be their best self.