Senior Application Security Engineer
What You’ll Be a Part Of:
ActionIQ is a leader in the massive and fast growing category of Customer Data Platforms (CDP). Our product brings order to Customer Experience (CX) chaos. ActionIQ’s CX Hub empowers everyone to be a CX champion by giving business teams the freedom to explore and take action on customer data, while helping technical teams regain control of where data lives and how it is used. We are backed by top-tier VCs Andreessen Horowitz, Sequoia Capital, and March Capital. Enterprise brands such as Autodesk, Bloomberg, Morgan Stanley, The Washington Post, Hertz, At
Who We Need:
ActionIQ is looking for a Senior Application Security Engineer to join our lean Security Team. As a Senior Application Security Engineer, you will be critical to the success of our company. Reporting directly to the VP of Information Security, the candidate will work with multiple and diverse teams across ActionIQ, including, but not limited to, Product, Infrastructure and Engineering, Legal, IT Operations, and Security. The role plays a critical function in ActionIQ's application and cloud security efforts to ensure we are continuously improving the security of our products and services. The ideal candidate is a proven security technology and methodology expert who enables other engineering partners to make the right security design decisions and trade-offs.
The Team You’ll Join:
Given the size of ActionIQ today, it is pivotal that we work cross-functionally with all teams in the organization to help drive positive change. We help improve the organization's security posture in the marketplace and drive business by speaking to security features with external stakeholders to aid the sales team in winning deals. No day is the same and that is exciting! In a day you can find yourself working on anything from triaging security-related incidents or industry vulnerabilities, to project managing a multi-team effort to implement top-tier security throughout the ActionIQ product and the systems that support it.
How You'll Contribute:
- Create detailed process management workflows to ensure security engineering activities are tracked, processes reviewed, policies are followed, and audit requirements are met.
- Build trusted relationships with product engineering teams, developers, and architects, establishing yourself as a security authority with deep understanding of their roadmap and priorities.
- Build internal security tools that help fix security problems at scale.
- Integrate security controls into all stages of the software development life cycle (SDLC), including automating security measures into the CI/CD pipeline.
- Collaborate on the implementation and management of SAST, SCA, DAST, and other scanning solutions to provide coverage for the application portfolio.
- Conduct security architecture design reviews, application risk assessments and threat modeling to identify potential security risks.
What You Bring:
- Minimum 7+ years of overall experience in information security with technical experience in any combination of the following: threat modeling experience, application security risk assessment, secure coding or OWASP ASVS, OWASP Top Ten exploitation paths, secure identity management and authentication, software development, and network security.
- Minimum 5 years of experience in application security engineering, preferably in one or more of the following languages (Scala, Python, TypeScript, Bash).
- Minimum 3 years of experience with cloud environments (AWS preferred, Google Cloud, K8s, Containers, etc.)
- Extensive experience with and strong understanding of AWS services and cloud security controls, including but not limited to IAM, KMS, VPC, Security Groups, AWS Inspector, and GuardDuty.
- Technical knowledge of operating system and cloud system security, leveraging configuration standards such as CIS.
- Extensive understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
- In-depth knowledge of common web application vulnerabilities (e.g., OWASP Top Ten, SANS Top 25).
- Experienced in security testing tools and techniques, such as vulnerability management, SAST, secret scanning, SCA, and penetration testing. Knowledge of identifying key risk indicators is important.
- Strong analytical skills with the ability to identify and mitigate security risks.
- Experience securing CI/CD pipelines, enabling strong security controls through the implementation of commercial and custom-built tooling.
- Preferred but not required: Application security certifications.
- Our compensation package includes base salary, stock options, and the great benefits shown below. The salary range for this role is: $165,000 - $185,000
Benefits & Perks Preview:
- Stay Happy and Healthy: Enjoy leading Medical, Dental and Vision benefits, 401k, FSA, Commuter Benefits, Gym Reimbursement, flexible PTO and 12-weeks paid parental leave
- Accelerate Your Career: Opportunities to explore, enhance, and expand your skill set through conferences, workshops, and access to Udemy learning courses.
- Enjoy the View: We have a beautiful office in NYC right on Madison Square Park, and local employees come into the office on a hybrid schedule, three days a week (M, W, Th) #LI-Hybrid. Office perks include catered lunches, a stocked kitchen with beverages and snacks, and monthly social hours.
- Join a Community: Work with a fun, inclusive, and smart team of people as we build a New York City based enterprise software company.
- For additional information about all of our benefit offerings, check out our Careers page.
Learn from your future colleagues:
- Learn more about the next chapter for us, our customers and the future of customer experience here.
- To find out more about our people and Life At AIQ, be sure to visit our Medium Tech and Life blogs.
Your Interview Journey:
- Check out this guide for an overview of our interview process.
ActionIQ is committed to building an inclusive, equitable, and diverse organization. We embrace equal opportunities for all applicants and want to foster a culture of belonging for our employees. We recognize and appreciate that the more inclusive we are, the better we will function as a team. AIQ welcomes applicants of any race, color, ancestry, religion, sex, national origin, gender identity, gender expression, age, marital or family status, disability, military veteran status, and any other status or background.