Senior Software Engineer - Application Security
Posted on: January 15, 2022
Lob was built by technical co-founders with a vision to make the
We offer two flagship APIs (print & mail and address verification)
that enable companies to send postal mail as effortlessly as
sending emails. Lob is venture-backed by the most reputable
investors in tech, and we are rapidly growing our team to shape the
future of our company and meet the demands of a quickly growing
customer base and dynamic product offerings.
As a proud Pledge 1% company, we're committed to leveraging our
product, partnerships, and people to drive positive social impact
through Lob.org , and are on a mission to make direct mail more
About The Role
The position is for a hands-on application security engineering
role, embedded within Lob's infrastructure team. You will have the
opportunity to partner and mentor many different engineers across
the organization to help them find, prioritize and fix security
issues in our products from feature inception to high-impact issues
in production. You will be expected to help strategically define
processes such as design guides, guardrails, bug bounties, and
vulnerability management strategies in partnership with our
GRC/Security compliance team. You are also expected to be the
domain specialist in one or several parts within the Secure
Software Development Lifecycle (SDLC) to mentor and empower other
As a/the senior application security engineer, you'll...
Act as a subject matter expert on application security and partner
with others to identify, measure, report, and proactively address
security and privacy concerns.
Understand business requirements when applying security controls
that comply with industry-standard methodologies to avoid adversely
affecting desired functionality.
Help manage Lob's application bug bounty program with the help of
other application, platform, and security engineers.
Work closely with the platform and infrastructure teams to
prioritize roadmap initiatives that improve the SDLC by elevating
observability and security controls.
Collaborate closely with the infrastructure, platform, and
GRC/security compliance teams to help identify gaps in capabilities
or areas of improvement to introduce new tooling, processes, and
controls to further secure the Lob platform.
Design, automate, and evangelize DevSecOps practices to enable
security operations at scale, thereby creating a secure-by-default
What you will bring to this role...
5+ years of application software development.
3+ years of experience in application security engineering, in
cloud-native organizations, with a demonstrated history in
improving the SDLC at previous companies through high-impact,
Strong software development skills with NodeJS, Golang, and
Subject-matter expertise in web application security, OWASP Top 10,
secure code best practices for NodeJS, Golang, Python.
Experience with Static and Dynamic Code Analysis tools, building
security checks into CI/CD pipelines.
Experience with AWS/GCP/Azure and containerized and serverless
environments, ensuring that security architecture and engineering
aligns with up-to-date best practices.
Excellent written and oral communication skills, as well as social
skills including the ability to articulate to both technical and
Bonus points for...
Experience in managing an Application Security Program.
Experience in a DevSecOps environment.
Experience with HashiCorp tooling (Terraform, Consul, Nomad,
Vault), AWS, Datadog, Sift and how to securely leverage other SASS
Experience with Penetration testing, offensive security, bug bounty
programs and how to mitigate the risks.
Since great engineers come from a variety of backgrounds, it
doesn't particularly matter if you have a specific degree-we want
to hear about your contributions in a real-world setting.
We're not just building a platform to make the world programmable.
We're also designing a great place to work , and ------a ground
floor opportunity as an early member of the Lob team; you'll
directly shape the direction of our company.
Health benefits for you and your dependent(s)
Medical Flexible Spending Accounts (FSA)
Unlimited vacation policy
Wellness program (includes monthly stipend or free Barry's Bootcamp
Paid parental leave
Paid volunteer time off to support the organizations you care most
Commuter & Parking benefits (includes monthly stipend) for those
based out of our San Francisco office
Free lunch, snacks and dinner when working at our San Francisco
Dog-friendly San Francisco office
Allowance for in-person team meetings (all flights and
accommodations covered) for those not based out of our San
Home-office setup and phone/internet stipend for those not based
out of our San Francisco office
Ground floor opportunity as an early member of the Lob team; you'll
directly shape the direction of our company
Our Commitment to Diversity
Lob is an equal opportunity employer and values diversity of
backgrounds and perspectives to cultivate an environment of
understanding to have greater impact on our business and customers.
We encourage under-represented groups to apply and do not
discriminate on the basis of race, religion, color, national
origin, gender, sexual orientation, age, marital status, veteran
status, disability status, or criminal history in accordance with
local, state, and/or federal laws, including the San Francisco's
Fair Chance Ordinance.
#86 on Y Combinator's Top Private Companies List 2021
BuiltIn Best Midsize Companies to Work For 2021
2020 Inc 5000 List of the Fastest-Growing Private Companies
2019 Timmy Awards - Best Tech Workplace for Diversity, Community
Favorite in the Bay Area
Deloitte's 2019 Technology Fast 500
Keywords: Lob, Visalia , Senior Software Engineer - Application Security, IT / Software / Systems , Stratford, California
Didn't find what you're looking for? Search again!