Application Security Engineer

Posted:
11/26/2024, 1:22:34 AM

Location(s):
New York, New York, United States ⋅ New York, United States

Experience Level(s):
Junior ⋅ Mid Level ⋅ Senior

Field(s):
IT & Security

Alloy is where you belong! 

Alloy solves the identity risk problem for companies that offer financial products by enabling them to outpace fraud and confidently serve more people around the world. Banks and Fintechs turn to Alloy to take control of fraud, credit, and compliance risk, and grow with the clearest picture of their customers.  

Through our values: Be Bold, Get Scrappy, Collaborate, and Celebrate Our Differences, we are creating a workplace where you can grow, thrive, and belong. See how we’ve been continuously recognized and named one of Inc.Magazine’s Best Workplaces, Forbes America’s Best Startup Employers, Best Fintech to Work for by American Banker, year after year.  

Check out our investors and read more about us here.  

About the team

Alloy’s security team is supportive, focusing on enabling the engineers to seamlessly deliver high quality software that adheres to security best practices, instead of being gatekeepers. Security is extremely important at Alloy, so this will be a high impact role with a lot of scope for growth, leadership opportunities and learning.

What you'll be doing

Reporting into the Engineering Manager of Product Security, you will: 

  • Assist in the evolution of our application security functions and services
    • Implement, configure and monitor our security tools to help us detect and respond to new types of threats. Improve efficiency and reliability of these tools through scripting and automation.
    • Act as a subject matter expert for security solutions
    • Assist junior security engineers with their development
    • Provide guidance and recommendations on application security best practices
    • Maintain knowledge of the latest security trends, threats, and countermeasures
    • Raise awareness about application security within Alloy
    • Foster a culture of security, encourage the adoption of secure practices, and work to ensure that security is considered at every level of the organization.
  • Work closely with engineering teams to secure their software throughout the entire software lifecycle from the design stage to monitoring post deployment
    • Ensure that change management processes are adhered to across all platforms.
    • Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline
    • Automate security checks and scans to identify and fix vulnerabilities early in the development process.
    • Conduct application security assessments and penetration tests to identify vulnerabilities and security issues
    • Provide guidance to developers on secure coding practices.
    • Collaborate with infrastructure and development teams to ensure that security measures are effectively implemented in production environments
  • Be a key player of Alloy’s vulnerability management program
    • Discover application security issues in our code through penetration testing, source code review, and design review.
    • Analyze risk and triage issues based on severity. Communicate the issues to relevant teams with clear recommendations on how to fix them. Assist with fixing issues as needed.
    • Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
    • Report and document security findings and remediation activities
    • Troubleshoot production difficulties and performance constraints with security tooling, controls, and features.
    • Participate in Alloy’s bug intake and remediation process
  • Stay vigilant and monitor ongoing security threats
    • Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
    • Perform ongoing log analysis and monitoring, and set up alerts to be proactively alerted of concerning activity
    • Document security incidents and the extent of the damage caused by the incidents
    • Participate in incident response and handle activities related to application security incidents
    • Work closely with incident response teams to mitigate the impact of a breach. This may involve coordinating with other IT professionals, communicating with stakeholders, and assisting in the recovery process.
    • Investigate incidents, identifying the cause, and implementing measures to prevent similar incidents in the future.
    • Participate in on-call rotation

Who we’re looking for

We're looking for Application Security Engineers to join our growing security team responsible for securing Alloy's applications, data and infrastructure. Application Security engineers work in cross-functional collaboration with the engineering and devops teams to manage application vulnerabilities, provide expertise on secure development practices and drive security and privacy initiatives. You have:

  • A combination of education, training, and experience
    • A Bachelor's Degree or comparable work experience
    • 2+ years of work experience in Application Security, Information Security, or Compliance
    • Commitment to continuous learning and ability to adapt to changing circumstances to stay ahead of the curve
    • Experience with programming languages (such as TypeScript/JavaScript, React, and Python); awareness of potential security flaws and secure coding practices
    • Familiarity with security frameworks and standards (OWASP Top Ten, ISO 27001)
    • Experience with security tools and technologies (SAST, IDS/IPS, firewalls, WAF, CSPM, SCA, CI/CD, IaC)
    • Experience with database and data storage design with an understanding of how database roles and permissions relate to attack surface.
    • Experience working in cloud hosted SAAS environment (preferably AWS)
    • Knowledgeable on public key infrastructure, symmetric and asymmetric encryption.
    • Ability to critically evaluate the security of a system, identify potential vulnerabilities, and assess the impact of different security measures.
  • Communication skills
    • Ability to concisely communicate risk and recommendations for security issues to engineering teams
    • Excellent communication skills; able to articulate complex security concepts to developers and other stakeholders in an understandable way.
  • Ability to operate well in a project-oriented setting
    • Capacity to manage sensitive and secret information
    • Ability to handle numerous activities at once
    • Well developed analytical and problem-solving capabilities
    • Ability to work effectively in a team, respect different perspectives, and collaborate towards a common goal.
    • Demonstrated initiative, customer orientation, and teamwork competencies

At this point, we hope you're feeling excited about the job description you’re reading. Even if you don't feel that you meet every single requirement, we still encourage you to apply.

At Alloy, we strive to attract & retain talent by providing compensation that is competitive with other organizations of our size & stage. We are committed to ensuring each candidate has what they need to be successful in their role with a balanced range of compensation, equity, perks & benefits. We actively share our compensation philosophy with employees, with the goal of fostering open and honest dialogue. Finally, we work to administer our philosophy and drive consistency in order to promote equity and monitor the fairness of each outcome.

We want people to feel comfortable expressing their true selves and to come, stay, and do their best work here.

This position has a minimum base salary of $140,000 and a midpoint base salary of $165,000. The base pay may vary depending on job-related knowledge, skills, and experience. In addition to a competitive base salary, this position is also eligible for equity awards in the form of stock options (ISOs).

Benefits and Perks 

  • Unlimited PTO and flexible work policy
  • Medical, dental, vision plans with HSA (monthly employer contribution) and FSA options
  • 401k with 100% match up to 4% of annual employee compensation 
  • Eligible new parents receive 16 weeks of paid parental leave 
  • Home office stipend for new employees
  • Learning & Development annual stipend
  • Well-being benefits include access to OneMedical, Headspace, and more

We're a lean team, so your impact will be felt immediately. If this all sounds like a good fit for you, why not join us?

How to Apply

Apply right here. You've found the application!

Alloy is proud to be an equal opportunity workplace and employer. We’re committed to equal opportunity regardless of race, color, ancestry, religion, gender, gender identity, parental or pregnancy status, national origin, sexual orientation, age, citizenship, marital status, disability, or veteran status. We are committed to an inclusive interview experience and provide reasonable accommodations to applicants with visible and invisible disabilities. We encourage applicants to share needed accommodations with their recruiter.