Application Security Engineer

Guild Education

Region

N/A

Role Description:

You will be a leader within our application security team.  The goal of Guild Education’s application security program is to ensure that software engineering teams across the company are enabled to securely design, build, test, and maintain the applications that power our business.  Our guiding principle is to pave roads and enable our engineers to deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDL).  We take a customer-service oriented approach to support, coach, and empower our engineers to do the right things without friction or slowing them down.

 

Responsibilities:

Develop and lead threat modeling training, workshops, and collaborative sessions for a wide array of cloud-based products and services. Champion threat modeling practices within the development teams, promoting best industry practices.

Collaborate with product and engineering on architecting resilient, security-first services

Build and deliver educational content to our engineers including hands-on training courses

Interpret findings from application security tools and provide coaching in remediation

Assist in the development of secure code libraries

Evaluate and classify findings from SAST, DAST, SCA and externally reported sources

Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks

Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms

Review and analyze existing processes and suggest improvements for increased security and efficiency

 

Requirements:

1-3 years in secure development/application security

Proficiency in one or more modern programming languages

Proficiency in scripting

Hands-on experience with one or more application security testing tools (SAST, SCA, IAST, DAST)

Intimate knowledge of OWASP Top 10 Vulnerabilities, mitigations, and their impact on application architecture

Experience in web application security and SSDLC practices

Proficient in at least one general programming language such as JavaScript, Python, C/C++, Java, Rust, or Go

An understanding of web applications, web servers, layer 7 application technologies

 

Preferred Qualifications:

An understanding of the AWS Well-Architected Framework and cloud-native application development best practices

Experience with the OWASP Application Security Verification Standard (ASVS)

 

Other Soft skills:

You are a great communicator who can explain technical issues and risks to a broad, non-technical audience.

You can work well with engineering, legal, security, devops, product, executives, and others.

You tailor your communication style, level of detail, and approach based on the audience.

You enjoy working directly with software engineers, including in new languages and tool chains.

You are a strong collaborator and can influence technical teams, and you take them along with you.

You operate effectively across teams and disciplines even in highly ambiguous situations.

You have experience building inclusive team cultures

 

We feel passionately about equal pay for equal work, and transparency in compensation is one vehicle to achieve that. Total compensation for this role is market competitive, including a base salary range of $110,000-$130,000 as well as company stock options. 

Salary and compensation

No salary data was published by the company, so we estimated the salary based on previous similar jobs related to InfoSec, Engineer and Education:

$70,000 — $120,000/year

Location

Denver, Colorado, United States


Company

Guild Education