Staff Application Security Engineer

About Starburst

At Starburst, we are working to dismantle the status quo of data silos and vendor lock-in every single day. For decades, database companies have held their customers hostage and we believe that’s just plain wrong. Starburst offers a full-featured data lake analytics platform, built on open source Trino. Our platform includes all the capabilities needed to discover, organize, and consume data without the need for time-consuming and costly migration projects. Today more than 300 leading organizations trust us to make better decisions faster. 

Though Starburst has raised $414M in venture funding from top investors, we were founded in a rather unusual way as we bootstrapped the business with customers and revenue from the very beginning! We are a remote-first company with employees all over the world and are proud to be named a Best Place to Work. Come join our team of All-Stars!

About the role

This role will be the first member of the soon-to-be-formed Starburst Product Security team. Initially hands-on, you will be responsible for building and operating the foundational elements of the Product Security Program to ensure that Starburst applications are designed, developed, and maintained with robust security measures in place. As the business and the maturity of the Product Security Program evolve, this team will continue to scale to meet the growing demands.

As a Staff Application Security Engineer at Starburst you will:

• Build automations to identify and prevent risks during software development
• Build threat models to identify potential vulnerabilities in architecture and design
• Work with the Product and Engineering organizations to prioritize and remediate vulnerabilities and to design and implement application security controls
• Advise and train development teams on secure coding best practices
• Respond to and investigate security incidents and breaches related to application vulnerabilities
• Manage 3rd party penetration testing
• Manage application security tooling (SCA, SAST, and DAST, etc.)
• Manage a Vulnerability Disclosure Program
• Prepare and present reports on application security status and improvement recommendations to management
• Occasionally work directly with customers

Some of the things we look for:

• A strong command of application security fundamentals
• A strong understanding of enterprise software development processes
• Ability to communicate and collaborate with Product and Engineering teams
• Experience building and rolling out new processes
• Experience in Enterprise B2B SaaS
• Experience working directly with customers
• Experience leading and mentoring colleagues and team members

Where could this role be based?

• US (remote)

Why build your career at Starburst?

We live by our three core company values: Character, Competence, and Ownership and are a team of top performers. We are each in the driver’s seat, shaping our organization and working together towards our common mission. We are solving exceptionally complex and meaningful challenges here and as we innovate, we each have the opportunity to build our careers alongside Starbursts’s growth.

We take care of our global workforce by making sure employees enjoy competitive salaries and attractive stock grants, remote-friendly work options, flexible paid time off, and more!

We are committed to fostering an intentional, inclusive, and diverse culture that drives deep engagement, authentic belonging, and an exceptional All-Star experience. We believe that diversity of thought, perspective, background and experience will enable us to own what we do, drive our success and empower our All-Stars to show up for one another authentically in all moments that matter.

Starburst provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

#BI-Remote #LI-Remote