Senior Application Security Engineer

San Francisco
Engineering – All Engineering
Full-time
WHO WE ARE
Looker is on a mission to bring better insights and data-driven decisions to every business. Everything we do is aimed at making sure our customers love every aspect of Looker, from our products and technologies to our ease of doing business and our support. We are looking for curiously brilliant individuals to join our team as we reinvent data analytics. Get data-driven and see yourself at Looker.

WHAT WE'VE GOT GOING ON
Looker is seeking a senior application security engineer to conduct architecture security reviews and penetration testing modeled after real-world attackers. We work cross-functionally with teams across the organization to find and mitigate risk within the Looker product.
The ideal candidate will have experience conducting manual penetration testing of full-stack cloud applications and the ability to explain networking concepts (e.g. routing, ACLs, load balancers, proxies, SSL/TLS, TCP, etc.) to provide feedback on application architecture. You must also have the skills to clearly communicate risk with business customers and external security researchers, as well as internal business owners and developers.
As the newest member of the Product Security team, you'll have opportunities to contribute to existing security assessment initiatives, as well as to influence the broader product security strategy and explore bleeding-edge security assessment and vulnerability mitigation techniques.
The Product Security team is quickly expanding, which means there will be frequent opportunities to grow your own career at Looker and home in on where you'd like to focus your responsibilities. Whether you have a desire to eventually manage a team of your own or specialize as an individual contributor, there will be plenty of runway to be successful here.

WHAT WE NEED YOU TO DO

    • Participate in architecture review and penetration testing of the Looker product
    • Participate in the operation of our bug bounty program, validate reports, and respond to researchers
    • Assist with vulnerability assessment using SAST and DAST technologies
    • Track and manage product risks to remediation
    • Communicate and nurture relationships with security researchers, customers and other stakeholders
    • Produce metrics to help track the health of our vulnerability management strategy

WHAT YOU BRING TO LOOKER

    • Web application security testing experience
    • A background in penetration testing or red teaming
    • History of managing bug bounty programs
    • Experience automating application vulnerability assessment in SDLC
    • Knowledge of multi-tenant SaaS infrastructure cloud applications
    • Familiarity with JRuby, Java, Node, and JavaScript security

A LITTLE MORE ABOUT LOOKER
Looker is a unified Platform for Data that delivers actionable business insights to every employee at the point of decision. Looker integrates data into the daily workflows of users to allow organizations to extract value from data at web scale. Over 1600 industry-leading and innovative companies such as Sony, Amazon, The Economist, IBM, Spotify, Etsy, Lyft and Kickstarter have trusted Looker to power their data-driven cultures. The company is headquartered in Santa Cruz, California, with offices in San Francisco, New York, Chicago, Boulder, London, Tokyo and Dublin, Ireland. Investors include CapitalG, Kleiner Perkins Caufield & Byers, Meritech Capital Partners, Redpoint Ventures and Goldman Sachs. For more information, connect with us on LinkedIn, Twitter, Facebook and YouTube or visit looker.com.

Looker aspires to be a workplace that is not only free of discrimination, but one that fosters inclusion and belonging. We strongly believe that diversity of experience, perspective, and background leads to a better environment for our employees and a better product for our users. We encourage you to join us in changing the way businesses use data.