Senior Application Security Engineer

  • Spin
  • San Francisco, CA
  • Oct 16, 2020

Job Description

About Spin

Spin is a fast-growing micromobility company committed to a world with clean air, liveable cities, safe streets, and widespread access to convenient, affordable transportation. If you’re searching for a top-tier career where you can make a difference and dynamically collaborate within a creative, lively environment—Spin welcomes you!

We’re passionate about transportation and technology. The work we accomplish fulfills a sense of meaning and purpose, which goes beyond the traditional dimensions of a workplace. Our products and initiatives directly influence people’s lives, which is proven by our customers' feedback.

Founded in 2017, and now a subsidiary of Ford Motor Company, we have worked together with cities, campuses, community groups, and businesses to expand internationally. Even as we expand, we maintain the close feeling of a small business, with “fireside chats” led by our company’s founders, weekly OKR pop-up videos, music-infused presentations at our All Hands meetings, and more. During this time of working remotely, our creativity and shared goals have kept us united and bonded within our virtual community.

We are a diverse team of artists, engineers, designers, urban planners, policymakers, marketers, and operators. We believe in inclusivity and build powerful alliances to fulfill our goals and move our mission forward. Above all, we at Spin are connected by our values and #BeOrange spirit, which represents unity, purpose, passion, and creativity.

About the role

If you like breaking software, finding the cause, and working with developers so it can be fixed, we want you to join our Security team in San Francisco, CA. The ideal candidate has an inherent desire to uncover security issues before threat actors do, and will work with teams to shift security to the left in the SDLC.

The Senior Application Security Engineer is responsible for assessing and assuring the integrity of Spin's mobile apps, web sites, API endpoints, and code artifacts produced by numerous teams. We are part of the engineering org and seek to influence the software development life-cycle to ensure applications are designed and built securely. If you are enamored with security and love to train developers to build better, more secure software, this position is for you.

Responsibilities

  • Bring security into developer workflows
  • Develop application security and product standards to standardize security practices
  • Provide security guidelines for the organization to protect critical assets and data
  • Review, analyze, and evaluate both internally developed software and vendor products and procedures to address security requirements
  • Work with DevOps engineers to integrate both static and dynamic analysis security tools into CI/CD pipelines
  • Serve as domain specialist for static and dynamic analysis security tools
  • Interpret security tools and penetration testing results and describe issues and fixes to developers
  • Provide vulnerability remediation guidance and mentoring to product development software engineers
  • Find security defects and where they reside in source code
  • Develop company-wide security projects to discover security defects in source code, dependencies, and/or other artifacts
  • Build metrics to track security defects and automate the collection of security information to derive metrics
  • Enable automation of product security testing and find innovative ways to scale the security team
  • Evaluate new technologies, tools, and/or development techniques that impact security

Qualifications

  • Ability to communicate effectively with business teams in explaining security and privacy topics clearly and in simple terms
  • Extensive experience with AWS
  • Ability to elaborate on the vulnerabilities and weaknesses in the OWASP Top 10, WASC, and/or CWE 25 to any audience, and discuss effective defensive techniques
  • Deep understanding of HTTP and SSL/TLS protocols, and Web applications
  • Deep knowledge of authentication protocols and frameworks to include OAuth, OpenID, SSO/SAML, and AWS IAM
  • Familiarity with dynamic and static analysis tools
  • Experience with continuous integration / continuous deployment processes and tools
  • Ability to interpret dynamic/static analysis tool and penetration test results, and describe issues and fixes to non-security specialists
  • Ability to automate tasks using a scripting language (Python, Ruby, etc)
  • Ability to program in Python, experience with Go, Node, React, C, and/or C++ a plus
  • Familiarity with common vulnerability assessment and exploit tools

Qualifications:

  • 8+ years of work experience in roles relating to application security or other fields
  • An understanding that people need to be brought along on the security journey, and that they start with widely varying levels of knowledge
  • Skilled at taking sophisticated topics and making them simple
  • Proven experience in application security or related fields
  • A team focus with an ability to work in a matrixed organization

Benefits & Perks

  • Opportunity to join a fast-growing startup and help shape and establish the company’s industry leadership
  • Competitive health benefits
  • Unlimited PTO for salaried roles
  • Pre-tax commuter benefits
  • Monthly cell phone bill stipend
  • Wellness perk for salaried roles

Spin is an equal opportunity employer and will not discriminate against any employee or applicant for employment in an unlawful manner. We celebrate diversity and are committed to creating an inclusive environment for all individuals. Spin treats all employees and job applicants on the basis of merit, qualifications, and competence without regard to any qualified individuals' sex, race, color, religion, national origin, ancestry, gender (including pregnancy, breastfeeding, or related medical condition), sexual orientation, gender identity, gender expression, age, physical or mental disability, medical condition, genetic characteristic or information, marital status, military and veteran status, or any other characteristic protected by state or federal law. Spin also considers qualified applicants with criminal histories, consistent with applicable local, state, and federal law.

Spin is committed to providing reasonable accommodations for qualified individuals with disabilities in its job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at job_accommodations@spin.pm.

Organization Type

Company  

Organization Size

501-1000  

Sectors

Transportation