Application Security Engineer
Posted on 12/2/2022
San Francisco, CA, USA
Experience Level
Desired Skills
Android Development
Data Structures & Algorithms
  • 5+ years of experience in security engineering, DevSecOps, application development
  • Excellent knowledge of the CVSS, MITRE ATT&CK, and OWASP Top 10
  • Proficiency in TypeScript
  • Practical understanding of AWS and its core services (VPC, EC2, RDS)
  • Demonstrated experience in modern application architecture and deployment practices
  • Practical understanding of NIST SP 800-218 (Secure Software Development Framework)
  • Experience with Library/API/Framework development
  • Experience with integrating security scanning tools with CI/CD, Web Application pentesting, fuzzing and DAST
  • Expertise in verifying and measuring common security vulnerabilities, and demonstrated ability in communicating these concepts to both technical and non-technical partners
  • Exposure to most of the following technologies: AWS, iOS, Android, Vault, Kubernetes, PKI, React, GraphQL, Datadog
  • Knowledge of cryptography including algorithms, standards, and their practical applications such as X.509 certificates
  • Experience defining security architecture patterns and standards
  • Proficiency in modern security evaluation tooling (Burp, Wireshark, Kali et al.)
  • Preferably, understanding of regulatory compliance concerns (GLBA, CCPA, PCI)
  • The Triple H Factor: Humble, Hungry and Honest
  • An act-like-an-owner mentality. We have a bias toward taking action
  • Competitive cash - we don't discount based on location
  • Benefits effective on day one
  • Early access to a high potential, high growth fintech
  • Generous stock option packages in an early-stage startup
  • Remote friendly (anywhere in the US) and office friendly - you pick the schedule
  • Flexible time off programs - vacation, sick, paid parental leave, and paid caregiver leave
  • 401(k) plan with match
  • Ensuring the quality and security of our applications and products by guiding their development through the Secure Development Lifecycle (SDLC) process
  • Performing SAST/DAST and penetration testing on core application services, web applications, and mobile applications
  • Developing, maintaining, and extending our in-house application security and penetration testing automated testing framework
  • Developing safe libraries and hardening existing libraries and frameworks to eliminate classes of vulnerabilities
  • Ensuring SDLC practices are enforced via Infrastructure-As-Code (IaC) policies, wherever possible
  • Working closely with Engineering teams to validate the security posture of new features prior to production deployment
  • Triaging and validating security vulnerabilities found or reported, and serving as a subject-matter expert in AppSec to the Engineering team in identifying and implementing mitigation solutions
  • Refactoring and deploying secure libraries and frameworks across the code repository
  • Training engineers, architects, code reviewers, and others on secure coding practices
  • Contributing to application threat models
  • Constantly maintaining awareness of known vulnerabilities in application technologies used within ONE
  • Working with the Security and other engineering teams to maintain a security architecture that provides security controls throughout all platforms to mitigate risk, and to meet goals and regulatory requirements
  • Providing expertise around code-level security concerns during product development
ONE Finance

201-500 employees

Financial optimization & savings platform
Company Overview
One's mission is to help millions of people save and grow their money. The company offers a free digital spending and saving account that organizes your money into different categories for saving, spending and sharing.