Automotive, Software, SaaS, Compliance, Legal Tech

Senior Application Security Engineer (AppSec Engineer)

Indianapolis, Indiana, United States · Remote · Full Time · Senior · $145,000–$155,000 /yr · Posted 2 months ago

ComplyAuto is a RegTech company offering cloud-based software that helps companies enhance their compliance and security capabilities while becoming more efficient and cost-effective. ComplyAuto manages and automates compliance decisions, performing tasks that would normally require manually intensive processes and human intelligence.

ComplyAuto began as a privacy compliance company for automotive dealers, but has quickly expanded into other verticals and compliance areas including cybersecurity, EHS (environmental, health, and safety), and legal compliance.

If you're a motivated Senior Application Security Engineer who is eager to contribute to a variety of projects while enjoying an array of exceptional benefits, we are excited to review your application!

Salary Range: $145,000-$155,000

Benefits:

  • 401(k) 5% match (1:1)
  • Medical, dental, and vision insurance; we pay 100% of premiums for employee and family
  • HSA contribution for qualifying plans
  • Unlimited paid time off and 11 observed holidays
  • Laptop and required related hardware provided

Job Summary:

The Senior Application Security Engineer will play a critical role in ensuring the confidentiality, integrity and availability of ComplyAuto applications and systems. You will work closely with cross-functional teams to design, implement, and maintain security measures that protect our infrastructure and customer data. This role will bring a strong background in application security, experience in startup/SaaS environments, and a solid understanding of Governance, Risk, and Compliance (GRC) principles.

Essential Duties & Responsibilities:

  • Develop and maintain software application security policies and procedures
  • Conduct secure code reviews, threat modeling, and manual security assessments to identify potential risks, vulnerabilities and exploits in ComplyAuto applications
  • Collaborate and provide actionable technical guidance to the software development team on remediating application security vulnerabilities and exploits
  • Promote secure coding best practices based on recognized standards
  • Develop and maintain documentation of application security controls
  • Implement software application security controls
  • Design and deliver periodic secure code training
  • Design technical solutions to address security weaknesses
  • Participate in incident response for application-related events, including lessons learned and design of test scenarios
  • Manage application security testing tools and platforms
  • Integrate and automate security testing as part of the CI/CD pipeline

Required Qualifications:

Bachelor's degree in Computer Science, Software Engineering, or a related field; 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security or any combination of education, experience, and training which provides the following knowledge, skills, and abilities:

  • Bachelor's degree in Computer Science, or a related field; or equivalent work experience.
  • 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security
  • Proficient in securing programming languages, including React, TypeScript, and Node.js, and a strong understanding of relational database security
  • Knowledge of securing APIs
  • Experience configuring and managing both SAST (e.g. Synopsys, Snyk, Checkmarx, Veracode) and DAST (e.g. StackHawk, Qualys, Burp Suite) tools
  • Experience with Cloud Infrastructure (AWS, Azure, GCP) and securing SaaS applications
  • Excellent communication skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders.
  • Strong problem-solving and analytical skills.
  • Knowledge of Secure Coding techniques
  • Familiarity with industry-accepted security and compliance frameworks (e.g. NIST CSF, CIS, SOC2, PCI-DSS)
  • Familiarity with regulatory requirements (e.g. CCPA, GLBA)
  • General knowledge of governance, risk, and compliance

Preferred Qualifications:

  • Experience as a Security Engineer with a focus in Application Security
  • Ability to work in a fast-paced, high-growth startup environment, with the ability to handle additional security-related responsibilities as we continue to grow
  • Proficient with security tools and technologies
  • Understanding of web application architecture
  • Familiarity with performing threat modeling
  • Security Certifications are a plus

Applicants must be authorized to work in the United States and able to provide proof of work authorization within three days of start date. We are unable to sponsor or take over sponsorship of employment visas at this time.

This is a fully remote opportunity, but candidates must reside within the Continental United States. Please note that we are not accepting applications from candidates residing in California, Hawaii, and Alaska for this position. ComplyAuto is an equal opportunity employer. We participate in the E-Verify program.
