ComplyAuto

ComplyAuto is a RegTech company offering cloud-based software that helps companies enhance their compliance and security capabilities while becoming more efficient and cost-effective. ComplyAuto manages and automates compliance decisions, performing tasks that would normally require manually-intensive processes and human intelligence. ComplyAuto began as a privacy compliance company for automotive dealers, but has quickly expanded into other verticals and compliance areas including cybersecurity, EHS (environmental, health, and safety), and legal compliance.

Senior Application Security Engineer

Security Engineer, Full Time, Remote, Team 51-200

Location

United States

Posted

5 days ago

Salary

Not specified

Application Security, Secure Coding, Threat Modeling, SAST, DAST, CI/CD Security, Node.js, TypeScript, React, API Security, AWS, Cloud Security, Relational Database Security, Snyk, Checkmarx, Burp Suite, NIST CSF, SOC2, PCI DSS

Job Description

This description is a summary of our understanding of the job description.

Role Description

The Senior Application Security Engineer will play a critical role in ensuring the confidentiality, integrity, and availability of ComplyAuto applications and systems. You will work closely with cross-functional teams to design, implement, and maintain security measures that protect our infrastructure and customer data. This role will bring a strong background in application security, experience in startup/SaaS environments, and a solid understanding of Governance, Risk, and Compliance (GRC) principles.

  • Develop and maintain software application security policies and procedures
  • Conduct secure code reviews, threat modeling, and manual security assessments to identify potential risks, vulnerabilities, and exploits in ComplyAuto applications
  • Collaborate and provide actionable technical guidance to the software development team on remediating application security vulnerabilities and exploits
  • Promote secure coding best practices based on recognized standards
  • Develop and maintain documentation of application security controls
  • Implement software application security controls
  • Design and deliver periodic secure code training
  • Design technical solutions to address security weaknesses
  • Participate in incident response for application-related events, including lessons learned and design of test scenarios
  • Manage application security testing tools and platforms
  • Integrate and automate security testing as part of the CI/CD pipeline

Qualifications

  • Bachelor's degree in Computer Science, Software Engineering, or a related field; or equivalent work experience
  • 5-7+ years of experience as an Application Security Engineer, with experience in Cloud Security
  • Proficient in securing programming languages, including React, TypeScript, and Node.js
  • Strong understanding of relational database security
  • Knowledge of securing APIs
  • Experience configuring and managing both SAST (e.g. Synopsys, Snyk, Checkmarx, Veracode) and DAST (e.g. StackHawk, Qualys, Burp Suite) tools
  • Experience with Cloud Infrastructure (AWS, Azure, GCP) and securing SaaS applications
  • Excellent communication skills, with the ability to effectively communicate complex technical concepts to both technical and non-technical stakeholders
  • Strong problem-solving and analytical skills
  • Knowledge of Secure Coding techniques
  • Familiarity with industry-accepted security and compliance frameworks (e.g. NIST CSF, CIS, SOC2, PCI-DSS)
  • Familiarity with regulatory requirements (e.g. CCPA, GLBA)
  • General knowledge of governance, risk, and compliance

Requirements

  • Experience as a Security Engineer with a focus on Application Security
  • Ability to work in a fast-paced, high-growth startup environment
  • Proficient with security tools and technologies
  • Understanding of web application architecture
  • Familiarity with performing threat modeling
  • Security certifications are a plus
  • Applicants must be authorized to work in the United States and able to provide proof of work authorization within three days of start date
  • This is a fully remote opportunity, but candidates must reside within the Continental United States
  • We are not accepting applications from candidates residing in California, Hawaii, and Alaska for this position
  • Background check required

Benefits

  • Salary Range: $145,000-$155,000
  • 401(k) 5% match (1:1)
  • Medical, dental, and vision insurance; we pay 100% of premiums for employee and family
  • HSA contribution for qualifying plans
  • Unlimited paid time off and 11 observed holidays
  • Required laptop and related hardware provided
