Lead Application Security Engineer
Remote (PT through ET Time Zones) /
Product, Engineering & Design /
We see a future where it’s easy to bring a great idea into the world using the internet, while respecting data security and privacy. The next generation of businesses will design security and privacy into their operating processes. If every business is going to be a software business, every business will need to be a security business.
We’re working to make information security a core competency of every startup. We envision a world in which startups have access to great information security, are empowered to focus on their businesses instead of on compliance, can scale faster and more efficiently, and are confident that they're creating quality products.
We wrote the Aptible Owner's Manual to help members of the company get a clear sense of what this team is — what we mean by “us.” We've now made this open to the world and invite you to read it, as a prospective member of the Aptible Team.
Our Commitment to Diversity and Inclusion
We prioritize diversity within our team and value different perspectives, educational backgrounds, and life experiences. We encourage people from underrepresented backgrounds to apply.
About this Role
The Lead Application Security Engineer will be responsible for continuously improving the security posture of a company (Aptible) whose mission is to build trust on the internet. Reporting directly to our Co-Founder and CTO, you'll continuously improve the security of our applications and infrastructure, oversee our reactive security processes, define security guidelines for all engineering projects, mentor the Engineering Team on security principles and best practices, and elevate the level of security competency team-wide.
Your Impact: Outcomes
- Implementing a system for (proactive) continuous security improvement. We’re conducting risk assessments, penetration testing, red team assessments, defense-in-depth analyses; using these processes to generate clear security improvement goals; and we’re measuring and hitting those goals.
- Successful execution of major security improvement projects. As part of our risk assessment process, we’ve identified major projects to improve the security of our applications and we’ve completed these projects on schedule.
- Successful performance on reactive security processes. We’re meeting 100% of our target response times for vulnerabilities and security incidents.
- Leveling up the security competency of the existing team. Team members are participating in security reviews throughout the software development lifecycle, from architectural planning through pull request review. We’re training the engineering team effectively through activities like CTF exercises, and security training is baked into new engineer onboarding.
- Building a Security Engineering Team. We’re hiring and retaining strong Security Engineers to keep up with the increasing demands for Security Engineering.
- Deep experience with core security engineering practices. Your recent experience has been focused on security engineering: risk assessment, penetration testing, red team assessments, defense-in-depth, vulnerability remediation, incident response.
- Experience on a seasoned Security Engineering team. Aptible’s DNA is rooted in security and compliance, but given our small size, you’d be the first Security Engineering hire. As a result, we’d be looking for you to bring your knowledge of what works — and what doesn’t — on more mature Security Engineering teams.
- Aptitude and appetite for leadership. Prior management experience is not necessary, but as the first and principal Security Engineer at Aptible, you’ll have the opportunity to hire a team that reports to you, in order to keep up with our increasing security needs as we scale.
- Work from Anywhere: Enjoy the flexibility of working from home, a local co-working space, or your favorite coffee shop.
- Open Vacation Policy: We encourage you to take the time you need, when you need it — for any holiday or matter of personal importance.
- Paid Parental Leave: We offer job-protected Paid Time Off — 14 Weeks, Fully Paid — for all parents to bond with a newly born, adopted, or fostered child.
- Medical, Dental, and Vision Insurance: We offer comprehensive health care for employees, with 100% of premiums paid by Aptible.
- Hardware & Software: We help you create your ideal office setup and provide any software you’ll need.
- Company Travel: We come together in-person at least two to three times per year, in locations around the globe.
Our Interview Process
We seek to make the experience of interviewing with us as delightful, efficient, fair, respectful, and transparent as possible.
A typical process at Aptible might include the following steps, and takes approximately 3 Weeks to complete. We try to move as quickly as possible, but if you have any time constraints, please let us know and we'll do our best to accommodate.
1) An Introduction to Aptible with the Hiring Manager (30 Minutes via Zoom)
2) A Discussion-Based Interview with an Aptible Team Member (45-60 Minutes via Zoom)
3) A Take-Home Work Sample Exercise (NB: You will be compensated for completing this.)
4) A Discussion-Based Interview with an Aptible Team Member (45-60 Minutes via Zoom)
We believe that the Work Sample Exercise is an important part of the process, in that it gives you the opportunity to demonstrate your skills in a concrete way. We take the time to design these exercises such that they: a) give you a view into the actual work you'd do at Aptible, and b) are standardized, so every candidate is evaluated using the same criteria.
Lastly, Aptible conducts calls with 3-4 References, ideally managers who have directly supervised you in the past and/or colleagues who can speak to your work.
If you have a disability or special need that requires accommodation, please let us know by completing this form, and we will reach out soon to see how we may be able to assist.