Application Security Engineer at Fluid Truck
Summary of Role
The Application Security Engineer bears primary responsibility for the implementation and maintenance of Fluid's Secure Development processes and tooling. In this role, the engineer will function as a key member of the applications team through delivery of security assessments, secure architecture review, and security control analysis, review, and implementation. Additionally, the engineer will work with Product Management to evaluate and document security requirements for key initiatives in our product roadmap and will have ownership of our vulnerability management framework. The ideal candidate will have extensive application security knowledge of GoLang and React Native applications and experience performing source code reviews in an agile environment using both automated tooling and manual review. As a subject matter expert, the engineer will partner with security champions on the engineering team to aid in the design and implementation of core security controls. The Application Security Engineer also works closely with, and may even participate in, the Security Incident Response Team to aid in collection of forensic evidence, root cause analysis, tactical mitigation of security vulnerabilities, and planning long-term or strategic remediation.
- Partner with the engineering teams to triage, prioritize, and mitigate security issues
- Design and implement tooling, processes, and controls to secure our applications
- Evaluate and be the security subject matter expert on our platform technology stack
- Participate in security testing and assessments
- Participate in architecture and design meetings as a Subject-Matter Expert
- Regularly perform assessments of applications
- Identify and resolve complex issues and develop innovative solutions to achieve business, engineering, and security goals
- Complete corporate training and on-boarding requirements
- Complete secure development training modules
- Write an introductory blog post on the ITSEC Portal
- Complete and deliver a secure architecture analysis of the Fluid mobile and web application
- Present to stakeholders findings from the architecture analysis
- Work closely with the Head of Security on design and implementation of a Vulnerability Management Framework
- Complete other deliverable work as assigned
Experience and Qualifications
- Bachelor's and/or Master's degree in Computer Science, Information Security or equivalent work experience
- 3+ years of experience delivering software in a SaaS environment or delivering penetration testing and architecture analysis
- 3+ years of experience working with secure code reviews, penetration testing, or other work in the security industry
- Extensive experience installing, configuring, and using automated SAST, DAST, and/or RASP tools
- Experience working in a cloud-native environment such as GCP, AWS, or Azure
- Experience with Kubernetes and micro-services architecture
- Extensive experience discovering, triaging, and remediating application security issues
- Experience working in automotive or short-term rental is a plus
- Ability to work on multiple projects simultaneously and balance conflicting demands
- Excellent communication skills, both written and verbal
- Ability and willingness to participate in on-call and escalation in a fast-paced production environment
- Salary Range: $130,000 - $160,000+
- Health Insurance & Wellness: We currently cover 100% of the cost for employees' medical, dental, and vision insurance. We cover 50% of the cost for a spouse, children, and family coverage.
- Retirement & Stock Options: We provide a 401k option and also offer stock options for a rapidly growing company.
- Child Care & Parental Leave: We have a robust Parental Leave Policy available for new birth and adoptive parents.
- Vacation / Time Off: We offer unlimited PTO for Fluid Market employees.
- Culture: Fluid Truck has a true startup culture where your entrepreneurial spirit can flourish! We believe collaboration and building teams with unique and diverse perspectives are the true foundation for innovation. We are proud to announce our newly launched Culture Committee, where every single employee is welcome to join and discuss the initiatives that are important to them and how we "Stay Fluid" as we continue to grow. We are a company that likes to work hard and have fun together. You'll find us at a variety of different team-building events where all departments participate including company BBQs and Escape Rooms. Going even further, every department has a budget for its own activities and team-building events. We strongly believe in challenging our people and promoting from within whenever possible, so we are working towards providing professional development opportunities at a company level including Leadership Round Tables and Manager Training, in addition to other department and role-specific opportunities.