Senior Application Security Engineer (London or Leeds)
Security is a core value at Credit Karma. We help millions of people manage their credit. Safeguarding their sensitive information is essential to our continued success. From the CEO down to each individual developer, everyone views security as a personal responsibility. Your mission as a Senior Application Security Engineer is to identify potential threats and vulnerabilities, educate engineers, mentor team members, and communicate with engineers to resolve any issues identified.
What the Job Entails
- The Application Security team is a large team of professionals from various backgrounds who focus on securing our products. We perform traditional application security activities, preferring impact over security theatre. We will adopt the new techniques from SecDevOps teams to develop our own type of strategy, implementing automation of application security tasks and allowing us to focus on what is important.
- Our mission is a real priority in the company. You will see that, from the required security training in the first week of engineering onboarding to our internal security champions program, security is at the forefront of every employee's mind. We own this part of the security program and are always looking to build out our internal training and awareness.
- We perform security reviews over a wide variety of exciting domains, from getting the first glance at new microservices to reviewing our transition into the cloud. There are many products and services in which you can make an impact; bring your senior expertise in engineering and security concepts to bear across our company.
- We are responsible for securing the company code and third-party libraries. We are integrated with CI/CD pipelines and automating our way to a scalable solution; the kind of solution you can contribute to by writing code and directly working with engineers to further the adoption of our security tools.
- Our SDLC is integrated with the company's processes, and we work closely within our wider security organization to manage risk, coordinate, and move the entire company forward in our mission.
- You will have a B.S. in Computer Science, a related technical major, or significant job experience.
- You will have worked in the security industry for a minimum of 8-10 years. We welcome both red team and blue team members.
- You are an expert in security vulnerabilities, knowledgeable in testing and remediation, and can communicate all of these concepts to your partners in engineering. From the OWASP Top Ten to more advanced concepts, you've seen it before and can describe it with ease.
- You have worked in engineering or with engineers during your career, so you understand their work and obligations. Application Security works together with engineering to meet both business needs and security requirements.
- Communication and teamwork are important: interpersonal skills and the ability to work together with organizations will be key to your success.
- Eagerness to challenge the status quo, balanced with a reasonable and helpful approach to effecting change.
- Do you have expertise in some of these technologies? iOS, Android, GCP, JIRA, Git, CircleCI, Jenkins, Artifactory, Consul, Kubernetes, webpack, React, GraphQL, Apollo, Finagle, MySQL, Splunk, InfluxDB, Grafana, Node.js, TypeScript, PHP, and Scala.
- Have you contributed to maintained multi-contributor security tools? We plan to build next generation security tools you cannot buy, and you have an opportunity to contribute.
- Have you presented at security conferences and meetups? We want to hear about how you would take our program to the next level.