Senior Software Engineer - Application Security

Company: Lob
Location: Stratford
Posted on: January 15, 2022

Job Description:

Lob was built by technical co-founders with a vision to make the world programmable.

We offer two flagship APIs (print & mail and address verification) that enable companies to send postal mail as effortlessly as sending emails. Lob is venture-backed by the most reputable investors in tech, and we are rapidly growing our team to shape the future of our company and meet the demands of a quickly growing customer base and dynamic product offerings.

As a proud Pledge 1% company, we're committed to leveraging our product, partnerships, and people to drive positive social impact through Lob.org , and are on a mission to make direct mail more sustainable.

About The Role

The position is for a hands-on application security engineering role, embedded within Lob's infrastructure team. You will have the opportunity to partner and mentor many different engineers across the organization to help them find, prioritize and fix security issues in our products from feature inception to high-impact issues in production. You will be expected to help strategically define processes such as design guides, guardrails, bug bounties, and vulnerability management strategies in partnership with our GRC/Security compliance team. You are also expected to be the domain specialist in one or several parts within the Secure Software Development Lifecycle (SDLC) to mentor and empower other Lob engineers.

As a/the senior application security engineer, you'll...

Act as a subject matter expert on application security and partner with others to identify, measure, report, and proactively address security and privacy concerns.
Understand business requirements when applying security controls that comply with industry-standard methodologies to avoid adversely affecting desired functionality.
Help manage Lob's application bug bounty program with the help of other application, platform, and security engineers.
Work closely with the platform and infrastructure teams to prioritize roadmap initiatives that improve the SDLC by elevating observability and security controls.
Collaborate closely with the infrastructure, platform, and GRC/security compliance teams to help identify gaps in capabilities or areas of improvement to introduce new tooling, processes, and controls to further secure the Lob platform.
Design, automate, and evangelize DevSecOps practices to enable security operations at scale, thereby creating a secure-by-default platform.

What you will bring to this role...

5+ years of application software development.
3+ years of experience in application security engineering, in cloud-native organizations, with a demonstrated history in improving the SDLC at previous companies through high-impact, cross-functional projects.
Strong software development skills with NodeJS, Golang, and Python.
Subject-matter expertise in web application security, OWASP Top 10, secure code best practices for NodeJS, Golang, Python.
Experience with Static and Dynamic Code Analysis tools, building security checks into CI/CD pipelines.
Experience with AWS/GCP/Azure and containerized and serverless environments, ensuring that security architecture and engineering aligns with up-to-date best practices.
Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.

Bonus points for...

Experience in managing an Application Security Program.
Experience in a DevSecOps environment.
Experience with HashiCorp tooling (Terraform, Consul, Nomad, Vault), AWS, Datadog, Sift and how to securely leverage other SASS tooling.
Experience with Penetration testing, offensive security, bug bounty programs and how to mitigate the risks.

Since great engineers come from a variety of backgrounds, it doesn't particularly matter if you have a specific degree-we want to hear about your contributions in a real-world setting.

We're not just building a platform to make the world programmable. We're also designing a great place to work , and ------a ground floor opportunity as an early member of the Lob team; you'll directly shape the direction of our company.

Perks
Health benefits for you and your dependent(s)
Medical Flexible Spending Accounts (FSA)
Unlimited vacation policy
Wellness program (includes monthly stipend or free Barry's Bootcamp classes!)
Paid parental leave
401K
Paid volunteer time off to support the organizations you care most about
Commuter & Parking benefits (includes monthly stipend) for those based out of our San Francisco office
Free lunch, snacks and dinner when working at our San Francisco office
Dog-friendly San Francisco office
Allowance for in-person team meetings (all flights and accommodations covered) for those not based out of our San Francisco office
Home-office setup and phone/internet stipend for those not based out of our San Francisco office

Ground floor opportunity as an early member of the Lob team; you'll directly shape the direction of our company

Our Commitment to Diversity
Lob is an equal opportunity employer and values diversity of backgrounds and perspectives to cultivate an environment of understanding to have greater impact on our business and customers. We encourage under-represented groups to apply and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or criminal history in accordance with local, state, and/or federal laws, including the San Francisco's Fair Chance Ordinance.

#86 on Y Combinator's Top Private Companies List 2021
BuiltIn Best Midsize Companies to Work For 2021
2020 Inc 5000 List of the Fastest-Growing Private Companies
2019 Timmy Awards - Best Tech Workplace for Diversity, Community Favorite in the Bay Area
Deloitte's 2019 Technology Fast 500

Keywords: Lob, Visalia , Senior Software Engineer - Application Security, IT / Software / Systems , Stratford, California