This job post is closed and the position is probably filled. Please do not apply. Work for Redox and want to re-open this job? Use the edit link in the email when you posted the job!
Are you an Application Security Engineer who is passionate about empowering engineering teams to build secure software? Redox is searching for an exceptionally talented Senior Application Security Engineer to join our Security Team. In this role, you will set the direction for our application security processes, tools, and capabilities. Redox is an engineering-first company, building the future of healthcare information exchange, the platform to help power healthcare companies and applications to work together!\n\n\n\n\nResponsibilities:\n\n\n\n\n* Be an active voice in our small, focused security team as the primary engineer responsible for Application and Product Security.\n\n* Empower Redox to reduce avoidable vulnerabilities introduced into code, reduce the time to detect vulnerabilities that do exist, and mitigate vulnerabilities detected as quickly as possible.\n\n* Approach securing our company pragmatically, empathizing with engineers, developers and security champions to understand their needs.\n\n* Perform risk assessments, threat models and code reviews for our application.\n\n* Communicate issues and progress on complex problems in terms easily understood by stakeholders.\n\n* Coordinate and manage our penetration testing and bug bounty programs.\n\n* Support and build valuable training activities that uplift developer awareness of secure coding practices.\n\n* Build and maintain tools that detect potential security issues within our development pipeline.\n\n* Maximize security impact and reduce risk while minimizing the negative impact on our businesses and developer velocity.\n\n* Mentor and guide engineering teams on best practices for keeping our applications secure.\n\n\n\n\n\n\n\n\n\n\nBackground and Experience Requirement:\n\n\n\n\n* Knowledge of current application security vulnerabilities, how to detect them, how to prevent them and how to create awareness of them.\n\n* Proficiency and hands-on experience using tools to which can detect security vulnerabilities, both statically and dynamically.\n\n* Experience securing Javascript, NodeJS and Typescript applications.\n\n* Experience with containerized and application mesh architectures.\n\n* Ability to communicate complex security threats and risks into simple terms for non-security (and even non-technical) stakeholders.\n\n* Development experience in at least two high-level languages such as NodeJS, Python, Ruby, C#, Scala, Java, etc.\n\n* Experience running threat modeling sessions with engineering teams.\n\n\n\n\n\n\n\n\n\n\nBonus Points:\n\n\n\n\n* Securing applications based on AWS Technologies\n\n* Offensive security (OSCP) certifications\n\n* Docker/K8 hardening experience\n\n\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to InfoSec and Engineer jobs that are similar:\n\n
$80,000 — $120,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
# How do you apply?\n\nThis job post has been closed by the poster, which means they probably have enough applicants now. Please do not apply.