Application Security Engineer
Lehi, Utah
Podium
Podium helps local businesses get more customers and give them better experiences with easy-to-use growth, communication, and payment tools. At Podium, our mission is to help local businesses win. Our lead conversion platform, powered by AI and integrations, helps local businesses convert leads faster, communicate easier, and make more sales. Every day, thousands of local businesses utilize our review management, communication, marketing, and payments products.
Our work and focus on helping local businesses thrive has been recognized across the industry, including Forbes’ Next Billion Dollar Startups, Forbes’ Cloud 100, the Inc. 5000, and Fast Company’s World’s Most Innovative Companies.
At Podium, we believe in fostering a culture that thrives on hiring and developing exceptional talent. Our operating principles serve as a compass, guiding daily behavior and decision-making, and ensure we hire people who will thrive at Podium. If you resonate with our operating principles and are energized by our mission, Podium will be a great place for you!
The Role:
As an Application Security Engineer at Podium, you will be responsible for validating that application services are designed and implemented with high security standards. You will analyze application security, addressing both legacy and emerging security issues, and implement repeatable secure development practices to prevent program flaws that could lead to exploitation. You will constantly assess applications for weaknesses, find resolutions before they can be abused, and communicate findings to the technical leadership team for effective risk mitigation.
In this role, you will also assess the security of applications for business-to-business initiatives, third-party relationships, and vendors. As a highly knowledgeable individual, you will recommend programmatic controls, and monitor and manage secure development practices to tackle modern-day issues. You will think like an attacker, but will always act with integrity and not abuse your privilege.
Check out this video from our Director of Security, Sean Jackson, talking more about this position.
What you will be doing:
- Perform vulnerability and penetration testing, emphasizing automation for testing and remediation.
- Collaborate with developers, DevSecOps, and other teams to conduct repetitive validation testing and ensure a continuous cycle of secure development.
- Stay updated on public-facing security issues, adopt new testing tactics, and actively participate in application projects and change management committees.
- Define and follow a security review process, utilizing dynamic and static code analysis resources.
- Document delivery advances that meet service-level agreements (SLAs) and business metrics.
- Align with architects and development teams for secure design, actively engaging in information security projects.
- Respond to service and escalation tickets, conduct performance testing, and contribute to local security groups/organizations and conferences.
What you should have:
- 4+ years of cybersecurity experience with a deep background (preferably 5+ years) in application programming.
- Technical and analytical expertise, including threat modeling, vulnerability testing, and proficiency in software development (Java, Python, C++, Ruby, etc.).
- Solid understanding of network and web protocols, experience with intra-company and third-party APIs, and proficiency with dynamic and static analysis tools.
- Excellent communication of business risk from cybersecurity issues and a track record of integrity, excellence, curiosity, and adaptability.
What we hope you have:
- Experience with applications in AWS, Microsoft Azure, or GCP, and proficiency in cryptography controls.
- DevOps background in public and private clouds, scripting skills in Python, JavaScript, PowerShell, PHP, or Ruby.
- Familiarity with ISO 27001, NIST, PCI DSS, HIPAA, HITECH Act, SOX, GDPR, CIS standards, or SOC 2.
- Working knowledge of Windows, Linux, Unix, and state privacy laws.
- Highly trustworthy with leadership qualities.
- Bachelor’s degree in computer science, information assurance, MIS, or related field, or equivalent experience.
- Certification preferences: SANS certifications (GWAPT), CISSP (preferred, or CSSLP), OSCP, and related certifications.
Benefits:
- Open and transparent culture
- Life insurance, long and short-term disability coverage
- Paid maternity and paternity leave
- Fertility Benefits
- Generous vacation time, plus three 4-day summer holiday weekends
- Excellent medical, dental, and vision benefits
- 401k Plan with competitive company matching
- Bi-annual swag drops with cool Podium gear and apparel
- A stellar HQ (Utah) gym with local professional coaches and classes offered
- Onsite HQ (Utah) child care center, subsidized for employees
- Additional benefits for fully remote employees
Podium is an equal opportunity employer. Podium provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, gender, national origin, sexual orientation, gender identity or expression, age, disability, genetic information, marital status or veteran status.