Why Glassdoor?
When you work for Glassdoor, you help people everywhere get ahead in work and life. That’s because we’re moving fast to become the leading community for workplace conversations. Every day, we foster radical transparency by giving professionals a platform to connect authentically and anonymously. Think real talk with real people — plus company reviews and ratings, salary info, job listings and more.
Join us as we make worklife better, together.
About the Role
As a Sr Application Security Engineer, you will be improving Glassdoor’s application security posture and keeping our platform safe for millions of customers around the world! We are looking for someone who loves to analyze, test and triage application vulnerabilities, manage our public bug bounty program, participate in code and product security reviews, and help our Developers bake security into their day-to-day workflows and CICD. You will partner closely with our Product and Engineering teams, our vendors, and external testers, so solid interpersonal skills are a must. This role is a great opportunity to advance an application security program and drive remediation of security weaknesses with an enterprise-wide impact!
What You’ll Do
- Be an advocate for application security within the organization
- Help develop and maintain a risk-based application security program based on a well-defined application security framework
- Enhance and manage Glassdoor’s public bug bounty program, application security tool stack and automated security checks in the CICD pipeline to optimize vulnerability and misconfiguration detection
- Find common patterns and themes within application vulnerabilities and work with Engineering teams to address the root causes
- Participates in the strategic decisions related to the requirements, design, implementation, and operations of application security framework, processes, and technology
- Execute security-focused code, architecture and integration reviews
- Coordinate or conduct penetration testing and drive remediation efforts to completion
- Keep abreast of the latest security issues and technologies
- Own and improve process and procedural documentation
- Participate in on-call rotation (nights and weekends) for Security Operations alert response
- Assist with daily activities and functions of the Security team (including alert & incident response) to maintain security posture as well as policy and compliance commitments
What You’ll Bring
- A commitment to add to our culture of DEI.
- 5+ years of experience in web application penetration testing or a security-focused application development role is a must
- AWS Security, CISSP, CEH, GWEB, GCIH or equivalent certifications are preferred
- Deep knowledge and familiarity with Cybersecurity Framework, including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten
- Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens is a must
- Possess a relentless desire to (ethically) break into things and can communicate the attack scenarios and mitigation options based on standard framework is desired
- Ability to read and understand Java, JavaScript, and Python
- Ability to automate repetitive tasks, using Python or other scripting language, is a plus
- Ability to work in a diverse, fast-paced environment and effectively collaborate across teams
- Outstanding written and oral communication skills with demonstrated ability to clearly articulate to both a technical and functional audience
Compensation and Benefits
Base salary range*: $112,200.00 - $149,000.00
*Glassdoor base salaries are targeted to the market 75th percentile for technical roles and the 65th percentile for non-technical roles. In other words, 65-75% of comparable organizations in our industry will pay less.
Annual Bonus Target**: 10%
**Bonuses are paid in 6-month intervals, aligning with bi-annual performance reviews
Generous Restricted Stock Units (RSU):
***Restricted Stock Units (RSU) are awarded at hire and may be refreshed annually. Additionally, as a pay-for-performance company, RSU grant awards are presented bi-annually to exceptional performers.
You can learn more about our compensation philosophy here and see salary ranges for all Glassdoor jobs here.
Health and Wellness: 100% employer-paid premiums for employee medical, dental, vision, life, short and long-term disability, select well-being programs, along with 80% employer-paid premiums for all dependents.
- Generous paid time off programs for birthing and non-birthing parents are provided, along with paid injury/illness leave and paid family emergency leave.
Coverage begins at the start of employment. After 48 months of continuous employment, 100% of all premiums for you and your dependents can be employer-paid!
Work/Life Balance: Open Paid Time Off policy, in addition to 15-20 paid company holidays/year
Investing in Your Future: 401(k) plan with a company match up to $5,000 per year, subsidized fertility and family planning services, and discounted legal assistance services.
Our Commitments
- Come as you are: At Glassdoor diversity is not a slogan; it’s a core factor in our success. We welcome your background, experience and ideas because you help us understand and better serve our world. You make us stronger.
- Grow your career: Glassdoor is small enough for you to see the impact of your contributions, while large enough to offer significant resources and endless opportunities to grow. This is a great place to make a career.
- Find your people: Ask anyone who works here: it’s the people who make the difference. We are a group of well-rounded humans who support one another and work hard together to bring the Glassdoor mission to life.
- Discover flexibility: With flexible hours and a where-to-work policy, Glassdoor allows you to take on professional and personal responsibilities — enhancing both productivity and your well-being.
Glassdoor is committed to equal treatment and opportunity in all aspects of recruitment, selection and employment without regard to race, color, religion, national origin, ethnicity, age, sex, marital status, physical or mental disability, gender identity, sexual orientation, veteran or military status or any other category protected under the law. Glassdoor is an equal opportunity employer; committed to creating a community of inclusion, and an environment free from discrimination, harassment and retaliation.
Where-to-Work Policy
Being a remote-first company, Glassdoor employees can live anywhere Glassdoor is a registered company. Requests to move must be approved by an employee’s manager and the People team. While we will try our best to support relocation requests, some requests may not be approved due to various tax, legal, or other restrictions.
Enjoy Remote and Explore: Employees authorized to work in their current location may Work Away for up to a total of 30 (thirty) working days in a calendar year without permanent relocation and compensation change. Employees on visas may work Work Away for up to a total of 20 (twenty) working days in a calendar year without permanent relocation and compensation change. The amount of time and location for Work Away must be approved by the employee’s manager and People Operations team at least two (2) weeks in advance of travel.