Senior Application Security Engineer
In 2007, two software engineers and serial entrepreneurs founded a technology company, ezCater. Today, ezCater is the only nationwide online marketplace for business catering in the United States a $23.9 billion market. Our 3.6M+ on-time ratings and reviews, our 60K+ caterers and restaurants, and our 5-star customer service make it superbly easy for business people to find and order great food for their meetings and events. We’re backed by Insight Venture Partners, Iconiq Capital, and Wellington Management, we're on a path to $2B in 2020, and we'll get there - even more surely if you come help us.
ezCater is seeking a skilled Security Engineer who will be responsible for creating and maintaining secure development practices for ezCater product teams. The Security Engineer will perform a broad range of software development and testing tasks at every stage of the SDLC; identify and coordinate with consultants and vendors providing security services; participate in choosing tools and technologies to enable developers and testers; and analyze, interpret, and drive remediation of results from static and dynamic analysis tools. We’re seeking someone with hands-on ability to work with state of the art tool to analyze complex systems, identify security issues at both the architecture and code level, and provide specific implementation solutions.
What you’ll do:
- Perform design consultation, architecture review, threat modeling, code review, and testing.
- Assist in the development of test cases, scripts, procedures, and tooling for QA security testing.
- Perform application vulnerability assessments
- Analyze output from security tooling and provide guidance to drive remediation
- Assess SDLC processes and provide guidance on increasing security review coverage
- Identify toolsets and vendors, drive adoption and implementation
- Consult with development and QA staff to remove false positives and prioritize remediation based on security scanning tools’ output
- Understanding and familiarity with common code review methods and standards in multiple languages (Ruby, Python, Java, etc.)
- Knowledge of secure configuration patterns for middleware and OS platforms; ideally Linux
- Demonstrated experience providing security review of web applications, mobile applications, thick clients, web APIs, AuthZ/AuthN protocols and technologies, and cryptography
- Experience with static analysis and dynamic analysis tools
- Experience with offensive security tools and methodologies
- Penetration testing experience, especially at the application level
- Familiarity with development and test toolsets (source code control, build systems, test automation, ticketing systems)
- Knowledge of OWASP tools and methodologies
- Knowledge of standard SDLC practices and security touchpoints in Agile, DevOps processes
- Experience with application security requirements of PCI, COBIT and ISO 27000
- Minimum of 3-5 years work experience in application security
- Minimum of 3-5 years of software development experience (Development or Automated QA)
- Knowledge of analytic and monitoring tools (ElasticSearch, Sumo, and Kibana (ELK) and/or Splunk)
- Ability to reverse engineer undocumented applications or architectures
- CISSP, CSSLP, CEH or equivalent security certifications
What you’ll get from us:
Importantly, you’ll get sane working hours and a huge amount of flexibility around work/life balance. Have people in your life – of any age – who always, often, or sometimes need your help? We make room for that. Have a bad thing or a good thing happen to you? We make room for that, too.
Oh, and here’s what else you’ll get: Market salary, stock options you’ll help make worth a lot, the usual holidays, all-you-can-eat vacation, 401K, health/dental/FSA, long-term disability insurance, subsidized T-passes, a great office in the heart of Boston, a tremendous amount of responsibility and autonomy, wicked awesome co-workers, cupcakes (and many more goodies), and knowing that you helped get this rocket ship to the moon.
ezCater is an equal opportunity employer. We embrace humans of every background, appearance, race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, and disability status. At the same time, we do not employ jerks, even brilliant ones.