Senior Application Security Engineer

Meet Upside

We created Upside to help communities thrive! Our retail technology uses the sophistication of online retail—profit measurement, attribution, and incrementality—to provide users with more value on their everyday purchases and brick and mortar businesses with new, profitable customers. We’ve helped millions of users earn 2 to 3 times more cash back than any other product, and tens of thousands of brick and mortar businesses earn measurable profit. Billions of dollars in commerce run through the Upside platform every year, and that value goes directly back to our local retailers, the consumers they serve, and towards important sustainability initiatives. 

Upside was named on Deloitte's 2021 & 2022 list of Fastest Growing 500 Tech Companies and  #308 in Inc.’s America’s fastest growing private companies of 2022. Upside’s Series D funding round was led by General Catalyst with a $1.5 billion valuation in March 2022. Other notable investors include Bessemer Ventures and Formation8.

Our mission, values, and commitment to inclusivity guide our team of more than 350 people worldwide, and the quality of our culture is reflected in the impact we’ve had on communities nationwide. But don’t just take our word for it! In 2023, Upside was included as a Top Workplace in the USA, received six Best Places to Work awards from Built In, and was named a Top Workplace for Perks & Culture by The Muse.

Meet the Information Security team:

The Upside InfoSec team is a tight-knit group that has successfully implemented security standards across the company. We anticipate growth for the company and that means growth for us! We believe partnership and teamwork are the best paths to building awareness and scaling security concerns across the entire organization.

About the job:

As the Senior Application Security Engineer, you’ll identify potential code vulnerabilities, give security architectural guidance to engineering teams, and enable and implement innovative solutions that increase our security posture and enable our teams to do their best work. You won’t be alone in this endeavor, with the support of the Associate Manager, Security Engineering, and team members that will look to you as a mentor and coach with an opportunity for future growth as the leader of the InfoSec team.

What you’ll do:

• Identify potential vulnerabilities to our application
• Engineer and code security solutions to remediate issues and add protection
• Guide engineering teams to adopt security standard practices
• Shape and influence architecture from a security perspective
• Directly interact with the security community regarding vulnerabilities and threats
• Engage teams in threat modeling and document risks and/or application designs

What you need:

• 8+ years of application security engineering inclusive of coding security solutions via Python or Java
• Experience with vulnerability management such as application security training, application pentesting, secrets management, threat modeling, end-user authentication, and API security
• Deep understanding of AWS security architecture
• Willingness to learn, adapt, fail, and grow (growth mindset)
• Exceptional customer service and people skills
• Bachelor’s degree highly preferred

Our Technology Stack:

• Python for Automation
• AWS Lambdas written in Java and Python 3
• Java microservices using 12-factor principles
• Message Oriented Architecture
• Jenkins and Github Action CI/CD pipeline
• Kubernetes
• Terraform

The fine print:

• Worksite location: This is a fully-remote role that may sit anywhere in the United States. You're welcome to work from our DC, Austin, Chicago or New York office if you're in-region!
• Notice to recruiters and placement agencies: This is an in-house search with a dedicated recruiter. Please do not submit resumes to any person or email address at Upside. Upside is not liable for, and will not pay, placement fees for candidates submitted by any party or agency other than its approved recruitment partners.

At Upside, we believe that diversity drives innovation. Our differences are what makes us stronger. We‘re passionate about building a workplace that represents a variety of backgrounds, skills, and perspectives and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Everyone is welcome here. Come join us!