Staff Engineer, Application Security

Spotnana · Seattle, WA

Company

Spotnana

Location

Seattle, WA

Type

Full Time

Job Description

Are you ready for the best destination of your career?

Spotnana is modernizing the infrastructure of the $1.4 trillion travel industry in order to bring freedom, simplicity, and trust to travelers everywhere. With over $115M in funding from top tier investors, including ICONIQ and Madrona Venture Group, we are tackling the hardest problems the travel industry has to offer and we need your help.

Culture is always fluid. It evolves as a business grows, along with the people who drive it forward. We seek people who have different perspectives, but shared values. Before you embark on this journey, quickly check in on whether you are aligned with our company values:

  1.  Obsessed with Customer Needs: We earn the trust and loyalty of our customers by solving their problems.
  2.  Do the Impossible: We solve tough problems through innovation and are inspired by unprecedented challenges.
  3.  Build Globally, Serve Locally: We embrace a global mindset and celebrate diversity as we serve customers around the world.
  4.  Act Like Owners: We constantly find problems to solve. Decisions are not made in isolation. We work hard, work smart, and work together.
  5.  Constantly Change, Learn & Evolve: We flourish by adapting quickly to new challenges and by learning from everyone around us. Building something new is not always glamorous work. Roll up your sleeves, get your hands dirty, and evolve.
  6.  Respect Above All: We are humble and treat others with the same respect we desire for ourselves. Our work culture is a safe environment where everyone is open to feedback and new ideas.

How you’ll make an impact

Spotnana is searching for a Staff Application Security Engineer to join our growing global team. The ideal candidate is a hands-on leader who will help improve the security and privacy posture of Spotnana’s flagship online booking platform, mobile application and underlying backend services running in AWS.

This passionate individual will lead the secure SDLC and DevSecOps agenda at Spotnana, with a shift-left and automation mindset, working closely with the development, SRE, DevOps and cloud operations teams.

What you'll own

  • Code/application level security of Spotnana web and mobile applications
  • Training and awareness for development staff on security issues
  • Triage and management of application vulnerabilities found through various methods
  • Software supply chain and CI/CD security for Spotnana customer serving applications
  • Bug-bounty and external penetration testing engagements
  • Help with security of integrations and any custom implementations
  • Role on the incident response team where application level context and triage is necessary to contain an issue
  • Partnering with DevOps and Engineering teams to implement pipeline based checks and balances (ex: managing secrets)
  • Partnering with infrastructure security on container vulnerability management and compliance team to deliver application specific controls for audits and certifications

Experience to bring with you  

  • 10+ years of previous web and mobile application security experience
  • Experience securing microservices based applications built on AWS
  • Expert level knowledge and experience using and implementing major AuthN and AuthZ frameworks such as OAuth, OpenID Connect (OIDC), and SAML (Security Assertion Markup Language)
  • Previous experience implementing secure SDLC practices, and automations such as SAST, DAST, RAST, IAST in at least medium scale software development organizations
  • Experience configuring and tuning WAF
  • Deep understanding and experience with API security testing and risk mitigations
  • Strong experience with React (JS) for front end and Java for the backend services
  • Hands on experience with MySQL, RDS data stores, plus ElasticSearch & Spring Boot
  • Experience with AWS Cognito is a plus
  • Comfortable with committing code into production pipelines and following engineering practices and cadences
  • Comfortable with conducting code reviews and explaining to development teams specifics on how to fix vulnerabilities
  • Ability to write tools and automations to support various aspects of secure SDLC
  • Nice to have: experience with applications running in ECS (Fargate) or EKS

Let’s talk compensation

Spotnana strives to offer fair, industry-competitive and equitable compensation. Our approach holistically assesses total compensation, including cash, company equity and comprehensive benefits. Our market-based compensation approach uses data from trusted third party compensation sources to set salary ranges that are thoughtful and consistent with the role, industry, company size, and internal equity of our team. Each employee is paid within the minimum and maximum of their position’s compensation range based on their skills, experience, qualifications, and other job-related specifications. 

The annual cash compensation for this role is: $200,000-$220,000

We care for the people who make everything possible - our benefits offerings include:

  • Equity in the form of stock options which provides partial ownership in the company so you can share in the success of the company as it grows
  • Pre-tax and ROTH 401(k) options via Fidelity with up to a 4% company match
  • Comprehensive benefit plans covering medical, dental, vision, life, and disability effective on your hire date. We cover 100% of your employee premiums and 85% of your eligible dependents
  • Pre-tax flexible spending account options for health, dependent care and commuter expenses
  • 20 vacation days per year in addition to 10 company holidays, 4 company recharge/wellness days and an end of year company shutdown
  • Up to 26 weeks of Parental Leave
  • Monthly cell phone / internet stipend
  • Additional benefits including access to RocketLawyer’s online legal platform, International Airlines Travel Agent Network (IATAN) membership, Pet Insurance through Fetch, Financial Wellness through Origin and SoFi, EAP through Mutual of Omaha, The Calm app through Kaiser, pre-tax parking/transit program and more

We are committed to fostering a diverse, inclusive environment and to encourage these values in everyone on our team. We provide an environment of mutual respect where opportunities are available without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, and any other characteristic protected by applicable law. We believe that diversity and inclusion for people from all walks of life is key to our success as a company.

Date Posted

07/27/2023
