Application Security Engineer
San Francisco, CA
If you love to hack and live to stamp out security threats with your scripting & security engineering skills, we want to hear from you!
At HelloSign, our vision is Frictionless Agreements. We envision a world where people never need to print, sign & scan documents ever again. Agreements are filled out and signed without any friction.
We are looking for hands-on individual with a white hat hacker mindset. This position will be a part of the HelloSign information security team and will work directly with the HelloSign engineering and devops teams. You will work with the team in developing and deploying security tools and technologies to protect the HelloSign eSignature platform and backend infrastructure. Additionally, you will collaborate with your team to perform static and dynamic code analysis as well as perform threat modeling.
What You'll Do:
- Application Security with an emphasis on Integrations (Salesforce, APIs)
- Help architect solutions that are inherently secure (Designing, Threat Modeling, Prototyping)
- Correctly balance security risk and product advancement
- Triage issues reported by researchers and help our teams resolve them
- Perform proactive research to detect new attack vectors
- Perform security assessments on our external vendors
- Create and operate security tooling and scripting
- Perform penetration testing on our applications
- Embody our core values and uphold our unique company culture. We value diversity and inclusion, and encourage our team members to be their authentic selves at work.
Who You Are:
- 3+ years in a security engineering or operations role
- BS or MS in Computer Science or Information Security or equivalent experience
- Strong understanding of REST API and related security issues
- Ability to review and understand source code (PHP, Java, Elixir, Apex)
- Experience with scripting languages (PHP, Python, etc...) and automating tasks
- Experience threat modeling applications and designing secure architectures
- A deep understanding of application security issues (i.e. OWASP Top 10)
- Ability to independently handle multiple tasks, prioritize and meet deadlines
- Ability to participate in 24x7 on call rotation for security related events
- Excellent communication skills, on both technical and non-technical issues
- Understanding of Linux/UNIX based systems
- Ability to maintain confidentiality of sensitive customer data
- Experience with Apex programming language and the Salesforce platform
- Experience with GraphQL, JWTs
- Comprehension of packet analysis using security tools such as Wireshark, tcpdump, nmap, SIEM (log analysis), and IDS/IPS.
- Information security related experience with Amazon AWS or equivalent cloud experience
We believe that the way business gets done today is broken. That’s why we’re dedicated to simplifying work for everyone - from small startups to large enterprise companies. Millions of individuals and over 80,000 companies world-wide trust the HelloSign platform – which includes eSignature, digital workflow and eFax solutions – to automate and manage their most important business transactions.
With a sharp focus on user experience and a lust for innovation, HelloSign is on a mission to Simplify Work.
Life at HelloSign:
We are centrally located in downtown San Francisco near BART, the Transbay Terminal, and the Ferry Building. Just over 100 employees, we are growing the company deliberately, with a keen eye towards maintaining a culture that values lifestyle, fun and continuous improvement. We were awarded the Hirepalooza Culture Award for Lifestyle in 2015 and the Healthy Mothers Workplace Bronze Award in 2016 and 2017. This year, we won SF Business Times' Best Places to Work Award for Small Employers. We continue to maintain an overwhelmingly positive presence on Glassdoor and The Muse.
We have raving fans who love what we make • We're user-focused and product-driven • We're always evolving with an eye towards improvement • We're committed to building a product people want • We thrive on collaboration and learning from each other • We have a supportive, familial atmosphere • We work in an open, airy, creative space • We laugh a lot • We love dogs • And we'll never forget your birthday!
HelloSign is an equal opportunity employer committed to hiring a diverse team of qualified individuals • HelloSign conducts background checks; pursuant to the San Francisco Fair Chance Ordinance, HelloSign will consider for employment qualified applicants with arrest and conviction records • HelloSign participates in E-Verify.