Application Security Engineer
New York City, New York, United States; Boston, Massachusetts, United States
Full Time Mid-level / Intermediate USD 120K - 220K
Gecko Robotics, Inc.
Discover how Gecko Robotics provides unprecedented visibility into asset health of critical infrastructure through robotic inspections and software solutions.
What We Do
Gecko Robotics is helping the world’s most important organizations ensure the availability, reliability, and sustainability of critical infrastructure. Gecko's complete and connected solutions combine wall-climbing robots, industry-leading sensors, and an AI-powered data platform to provide customers with a unique window into the current and future health of their physical assets. This enables real-time decision making to increase the efficiency and safety of operations, promote mission readiness, and protect the environment and civilization from the effects of infrastructure failure.
Role at a Glance
We are hiring an Application Security Engineer who will work collaboratively within the Software Platform team and with software engineers to embed the best security practices in Gecko’s software development pipelines. Gecko is rooted in a fundamental question posed by our CEO and Co-Founder, Jake Loosararian: “Why do you trust the infrastructure around you?” This core premise is not simply a question that Gecko answers for its customers, but a principle that we apply to Gecko’s internal infrastructure as well. As such, Gecko is investing heavily in the security and stability of its software platform. The Software Platform team’s purpose is to empower software engineers to create exceptional and secure products quickly, by making software effortless to build, deploy, and manage while maintaining a high degree of quality and security. As Gecko’s business expands globally into multiple exciting verticals, so too does the complexity of our Cyber Security requirements.
What you will do
- Security Assessments: Conduct Application Security Architecture reviews, drive regular security assessments, and support penetration testing on applications to identify vulnerabilities and security flaws
- Security Tools and Automation: Implement and manage Application Security tools and develop automation scripts to improve the efficiency of security processes
- Incident Response: Support SOC with incident response scenarios and post mortems as relevant
- Compliance: Ensure applications comply with regulatory requirements and Gecko policies
- Threat Modeling (Risk Management): Categorizing assets, defining relevant threats, and implementing measures to mitigate or neutralize the risks
- Secure Development Lifecycle Integration: Work collaboratively with software developers to integrate security practices into the development lifecycle and provide expert guidance on how to mitigate security vulnerabilities.
- Training: Create training for developers in best practices for application security
Technologies We Use
We use a variety of technologies, but we primarily operate using Python, React, and Typescript with Google Cloud Platform (GCP) as our cloud provider. This is a non-exhaustive list and we are tech agnostic in our interview process, so we encourage you to apply regardless of your background.
About You
- 3+ years of experience in application security or a related role
- Strong understanding of security protocols, cryptography, and application security frameworks (e.g., OWASP)
- Proficient in security testing tools (e.g., Burp Suite, OWASP ZAP) and methods.
- Experience with programming languages such as Java, Python, or C++
- Familiarity with various operating systems and datastores
- Familiarity with Security Best Practices and frameworks (e.g. NIST, ISO27001, SOC 2)
- Experience with Cloud architectures and design patterns (GCP experience is a plus)
- Bachelor’s in Computer Science, Cybersecurity, Information Technology, or a related field (or equivalent experience)
NYC Pay Transparency Disclosure
Salary Range: $120,000.00 to $220,000.00 annually plus equity and perks. This salary range is based on the current available market data, and represents the expected salary range for this role. Gecko Robotics has minimal hierarchy and few titles, but has broad ranges of experience represented within roles. Should you have compensation expectations that exceed these bands, we'd love to hear from you and would welcome you to reach out to further discuss.
Who We Are
At Gecko, our people are our greatest investment. In addition to competitive compensation packages, we offer company equity, 401(k) matching, gender-neutral parental leave, full medical, dental, and vision insurance, mental health and wellness support, ongoing professional development, family planning assistance, and flexible paid time off.
Gecko values collaboration, innovation, and partnership, and we believe we do our best work when we're together in person. We’re an office-first culture but understand that sometimes you may need to work from home. Many people are in the office five days a week, others need a bit more flexibility. Ultimately, we care about the outcomes we achieve - and creating a culture of autonomy and trust that enables that impact.
Gecko is committed to creating a culture of inclusion and belonging, and we are proud to be an equal opportunity employer. We believe it is our collective responsibility to uphold these values and encourage candidates from all backgrounds to join us in our mission to protect today’s infrastructure and give form to tomorrow’s. All qualified applicants will be treated with respect and receive equal consideration for employment without regard to race, color, creed, religion, sex, gender identity, sexual orientation, national origin, disability, uniform service, veteran status, age, or any other protected characteristic per federal, state, or local law. If you are passionate about what you do and want to use your talents to support our critical mission, we’d love to hear from you.
Tags: Application security Automation Burp Suite C Cloud Compliance Computer Science Cryptography GCP Incident response ISO 27001 Java NIST OWASP Pentesting Python Risk management Security assessment SOC SOC 2 TypeScript Vulnerabilities
Perks/benefits: Competitive pay Equity Flex vacation Health care Insurance Medical leave Parental leave Transparency