Staff Application Security Engineer

Meet Upside:

We created Upside to help communities thrive! Our retail technology uses the sophistication of online retail—profit measurement, attribution, and incrementality—to provide users with more value on their everyday purchases and brick and mortar businesses with new, profitable customers. We’ve helped millions of users earn 2 to 3 times more cash back than any other product, and tens of thousands of brick and mortar businesses earn measurable profit. Billions of dollars in commerce run through the Upside platform every year, and that value goes directly back to our local retailers, the consumers they serve, and towards important sustainability initiatives. 

Upside was named on Deloitte's 2021 & 2022 list of Fastest Growing 500 Tech Companies and  #308 in Inc.’s America’s fastest growing private companies of 2022. Upside’s Series D funding round was led by General Catalyst with a $1.5 billion valuation in March 2022. Other notable investors include Bessemer Ventures and Formation8.

Our mission, values, and commitment to inclusivity guide our team of 400 people worldwide, and the quality of our culture is reflected in the impact we’ve had on communities nationwide. But don’t just take our word for it! In 2023, Upside was included as a Top Workplace in the USA, received six Best Places to Work awards from Built In, and was named a Top Workplace for Perks & Culture by The Muse.

Meet the Product Security team:

The Upside Product Security Engineering team is a tight-knit group of Application and Cloud Security engineers that have successfully implemented security standards across the company. We regularly partner with engineering leadership to implement safe coding and architecture best practices into the way that we build our product. Our continued support of product features means growth for our team! We believe partnership and teamwork are the best paths to building awareness and scaling security concerns across the entire organization.

About the job:

The Staff Application Security Engineer will build relationships with technology stakeholders and leverage AppSec tools to identify and remediate product vulnerabilities. This is an individual leadership role that will innovate for our InfoSec team, increase our product security posture and enable our engineers to code safely.

What you’ll do:

• Innovate and deliver security solutions to mitigate application vulnerabilities
• Run security code tests (SAST, SCA) and partner with engineers to fix unsafe code
• Create threat models and engage technology teams to review and document risks
• Guide leadership on security architecture, design and best AppSec practices
• Train and upskill engineers on safe coding and vulnerability management
• Lead penetration testing initiatives and/or help manage bug bounties
• Interact with the security community and keep aware of trends

What you need:

• 10+ years of security engineering inclusive of application or product security
• Experience with object-oriented programming inclusive of Python3 or Java
• Deep understanding of AWS security architecture, Lambda and Terraform
• Ability to innovate, drive and deliver vulnerability management solutions
• Bachelor’s degree in Computer Science or Engineering highly preferred
• Willingness to learn, adapt, fail and grow (professional growth mindset)
• Exceptional customer service and people skills

Our technology stack:

• AWS Lambdas written in Python
• GitHub Advanced Security
• Terraform
• Python for Automation
• Kubernetes clusters in AWS EKS
• Java microservices using 12-factor principles
• AWS Services managed through Terraform (RDS, DynamoDB, S3, Athena, SNS, SQS, IAM, VPCs, Elasticache)
• Snowflake, dbt, Dagster
• Github Actions CI/CD

The fine print:

• Location: This is a fully-remote role that may sit anywhere in the United States. You're welcome to work from our DC, Austin, Chicago or New York office if you're in-region!
• Notice to recruiters and placement agencies: This is an in-house search with a dedicated recruiter. Please do not submit resumes to any person or email address at Upside. Upside is not liable for, and will not pay, placement fees for candidates submitted by any party or agency other than its approved recruitment partners.

At Upside, we believe that diversity drives innovation. Our differences are what makes us stronger. We‘re passionate about building a workplace that represents a variety of backgrounds, skills, and perspectives and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Everyone is welcome here. Come join us!