Senior Application Security Engineer
Engineering – Customer Security /
Coalition’s Insurance and Cybersecurity offerings come together to provide a comprehensive shield from cyber risk. We believe the task of locking down every system and keeping up with every vulnerability is challenging and while being proactive is important, it’s not enough because breaches and other compromises happen, even to the vigilant.
While we proactively help our customers understand active risks and shut them down, when all else fails, we are there for them financially and with services to help mitigate damage and come back stronger after an incident.
Help us protect the world against cyber risk and give business owners a trusted support system and fighting chance.
We have over 25,000 customers, ranging from small and mid-sized businesses to Fortune 500 companies. Founded in 2017, Coalition has raised $125M from a number of top tier global investment firms including Ribbit Capital, Greenoaks Capital, Valor Equity Partners, Felicis Ventures, and Vy Capital. Headquartered in San Francisco, Coalition’s team is distributed across more than 15 locations globally, including Austin, Washington DC, Denver, Canada and Portugal.
Our culture is one of character, humility, responsibility, purpose, and authenticity. We are growing rapidly and that growth is enabled by strong teamwork, communication, and mentorship. We want people who are passionate about becoming experts in both the business and the technologies that support it.
Our core platform is written mostly in Python with some services in Java and Go. We prefer to use the right tool for the job and make pragmatic decisions about how to scale and de-couple systems as we continue to grow. We’re looking for someone who can navigate a cloud environment (AWS) with many moving pieces and systems to help the team understand how they fit into the broader puzzle.
- Triage and prioritize application security vulnerabilities.
- Develop internal application security testing pipeline and review processes.
- Build and conduct secure coding training for all developers.
- Mentor and train engineers to build secure products
- Implement automated, proactive security measures (e.g., SAST/DAST).
- Develop Secure SDLC process and communicate process to Engineering.
- Building Application security metrics
- At least 3-5 years of direct experience either working on or leading an application security team.
- Experience conducting application security reviews.
- Experience with building/measuring metrics and KPIs to track application security issues
- Experience with source code repositories, CI/CD pipelines, and associated security tooling (e.g., GitHub, Drone, Buddy).
- Experience developing SDLC processes.
- Experience working with SAST/DAST and tools (e.g., Synopsys, Veracode, GitLab Secure, GitHub Advanced Security, etc.).
- Experience with threat modeling methodologies (e.g., STRIDE).
- Experience with Java, Go and Python secure coding assessments.
- Experience in API design and system architecture
- Experience in bug bounty management
- Teaching experience
We are all here to build something we believe in and to make a company that will last. We’re also assembling a team of expert incident responders, threat and malware researchers, and security analysts to protect our customers before, during, and after a cyber incident. Our goal is to harness the power of technology with the safety of insurance, to provide the first holistic solution to cyber risk. Coalition's culture is one that strongly values humility, authenticity, and diversity. We want to work with people of different backgrounds and different paths in life, and we trust our team members to take responsibility, share ownership and work for one another. We are always looking for collaborative, inquisitive and dedicated individuals to join our team.
Recent press releases:
Coalition is proud to be an Equal Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, sex (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender, gender identity, gender expression, transgender status, sexual stereotypes, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.