We are seeking an Application Security Engineer to act as the essential bridge between our security and engineering teams. This role was initiated to ensure security is deeply integrated into our engineering processes. You will be working with both the Security and Engineering teams, serving as an "engineering first" advocate who brings adversarial thinking to our development lifecycle. Instead of operating as a final checkpoint, you will help make security a foundational part of how we build. The role reports into the Strike CISO.

This position is open to candidates based in the US or Europe.

Key Responsibilities

• Cross-Team Collaboration & Oversight: Function as a normal part of the engineering team by participating in new Request for Comments (RFCs), Product Requirements Documents (PRDs), code reviews, and project planning meetings.
• Adversarial and Threat Analysis: Provide deep security probing and adversarial thinking on features with clear security implications, such as identity servers and authentication endpoints.
• Vulnerability Management: Take ownership of vulnerabilities found specifically in code, ensuring they are properly assessed and mitigated.
• Infrastructure & Tooling Management: Take ownership for Cloudflare controls, managing and constructing ingress Web application Firewall rules. Additionally, utilize code analysis tools to integrate security directly into our development processes.
• SIEM System Uplift: Create incident response workflows, alerting rules, and drive general improvements within our Security Information and Event Management (SIEM) system.
• Security Process Building: Define ownership, build scalable security capabilities, and collaborate across teams to empower other engineers to execute security tasks, rather than acting as a single point of failure.

Required Qualifications & Experience

• Engineering Background: Proven experience in pure development and coding.
• Google Cloud Platform and Kubernetes: Experience with deploying, designing and managing GCP services and Kubernetes containers.
• Code Review Expertise: Ability to thoroughly understand code, perform robust reviews, speak the language of developers, and accurately assess the exploitability of potential flaws.
• Security Mindset: Strong capability in threat analysis, out-of-the-box risk assessment, and understanding how threats are constructed.
• Technical Proficiencies: Hands-on experience with SIEM system, Terraform code and firewall or Web Application Firewall (WAF) rule construction.

US-Based Positions

• Salary range: $195,000 - $210,000
• Equity in a high-growth startup
• Health, dental, and vision insurance premium contributions; short & long-term disability insurance and basic life insurance
• Cell phone and internet reimbursement
• Flexible PTO, sick leave & parental leave
• Access to a company 401k plan

Non US-Based positions

• Location Dependent

 

We do not make hiring decisions based on educational history whatsoever. Our Founder is a college dropout. We employ high school dropouts, PHD candidates and everything in-between. We do not hire credentials. We simply hire talented, passionate individuals who are excited to be a part of our team.

By clicking submit application below, you consent to our use and processing of your data as described in our Candidate Privacy Notice.