Senior Application Security Engineer

Job Title: Senior Application Security Engineer
Location: Denver, CO (Hybrid)
About FusionAuth

FusionAuth is a fast-growing startup and leading provider of customer identity and access management (CIAM) software headquartered in Denver, Colorado. Our mission is to make authentication and authorization simple and secure for every developer.  Our product helps businesses securely manage customer identities and access, ensuring a seamless and safe user experience for some of the largest brands in the world. We are committed to delivering exceptional value and satisfaction to our clients through top-notch service and support.  With a great team and strong investors, we are expanding our team to help accelerate our growth and take FusionAuth to the next level.

Job Summary

We are seeking a Senior Application Security Engineer to join our engineering team. In this role, you will be responsible for ensuring that our applications and infrastructure meet stringent security standards. Additionally, you will be instrumental in fostering a security-centric culture throughout the engineering teams. To excel in this position, you should possess a creative and quantitative mindset, along with a deep understanding of secure coding practices. A strong passion for authentication, authorization, and user management is essential. Prior experience in security-focused roles or practices, such as penetration testing (PEN testing), bug bounties, or similar endeavors, will be highly valued. This position is based in the Broomfield, CO area and requires part time attendance 1-2 days per week in the office.
Responsibilities

• Participate in threat modeling, code reviews, and security audits to strengthen our applications against vulnerabilities.
• Manage our bug bounty program by validating submissions and assessing awards.
• Research and integrate security tools into our development processes and pipelines.
• Design and implement new features with an emphasis on secure coding practices and risk mitigation.
• Write and maintain extensive, security-focused tests, including unit, integration, and vulnerability tests.
• Maintain our software with bug fixes, enhancements, and security patches.
• Produce clear, high-quality documentation for new features and security protocols.
• Contribute to platform roadmap planning and software architecture with an application security perspective, including prioritization of security-related bug fixes.
• Advocate for best practices in security within the Engineering organization, including developing training curricula on secure coding practices.

Qualifications Required

• 5+ years of professional software development experience with a significant focus on application security.
• Bachelor’s degree in Computer Science or equivalent practical experience with a strong understanding of secure software development principles.
• Expertise in Java web-application development and security.
• Proven experience in roles with security responsibilities, such as PEN testing, bug bounties, or similar security assessments.
• Highly proficient in object-oriented design and implementation with a secure development mindset.
• Strong understanding of the full web stack, including HTTP, TCP/IP, and REST, with an awareness of potential vulnerabilities in these areas.
• Experience building highly available, high-performance, scalable, and secure applications.
• Expertise in developing multi-threaded, API-first applications with secure data handling practices.
• In-depth knowledge of unit, integration, and vulnerability testing to ensure the robustness of our applications.
• Experience across the stack, from cloud infrastructure to front-end security practices.

We believe the following qualities will enhance your success in this role:

• You are analytical and data-driven, using metrics to understand and mitigate security risks.
• You have an interest in the authentication and authorization space, with a focus on security.
• You bring a strong yet flexible approach to security, ready to adapt as the landscape changes.
• You quickly learn new technologies and security practices.
• You’re excited about contributing to our open-source projects and building a secure ecosystem.
• You thrive in a startup environment and bring a proactive, security-focused mindset to your work.

Compensation

• $140 - 200k expected base salary range*