Application Security Engineer
San Francisco, CA
R&D – Engineering
PlanGrid is used on thousands of construction projects (including hospitals, government buildings, universities, utility plants, etc.), and we must do everything in our power to keep our 40M+ blueprints secure for our customers. As an Application Security Engineer, you will be responsible for securing our web and mobile applications. You will work with development teams to design and build secure solutions, get involved in all stages of software development, and generally solve security challenges. The Application Security Engineer will lead application security reviews of all projects while setting standards and defining best practices for the R&D organization.
- Perform application security design reviews against new products and services
- Track and prioritize all security issues
- Build internal security tools that help fix security problems at scale
- Play a lead role in developing and designing application-level security controls and standards for our SaaS rollouts
- Perform code review and drive remediation of discovered issues
- Enable automated security testing at scale to measure vulnerability, and report on risk across all the web and mobile platforms
- Lead and manage our bug bounty program
- Build the security development training program to train developers on secure coding practices
- Experience or working knowledge of modern development, test, and deployment models
- Demonstrated expertise in application security domain
- Understanding of application security in context of SDLC and CI-CD
- Working knowledge on exploiting and fixing application vulnerabilities
- Proficient in one or more programming languages such as React, Python, Ruby, etc
- Highly effective communication skills, in both verbal and written forms, to effectively convey technical and non-technical concepts to a wide variety of audiences
- Minimum Requirements: Bachelor’s or Master's degree with 4 years of experience securing complex production environments.
- Strong knowledge of web protocols
- Knowledge of various security tools and architecture
- Knack for finding flaws in software and ability to efficiently communicate how to fix them
- Strong communicator who is accustomed to working closely with a product team
- Ability to think about problems from an out-of-the box perspective; doesn’t always default to industry norms
- Ability to think like an attacker and use that context to develop threat models
PlanGrid, an Autodesk company, builds simple, beautiful software construction teams love to use. The company’s mobile-first technology gives general contractors, subs, owners and architects access to information in real-time, enables greater collaboration and provides actionable insights. With PlanGrid, any construction team member can manage and update blueprints, specs, photos, RFIs, field reports, punchlists and other information from any device. PlanGrid is used on more than 1.5 million projects across commercial, heavy civil and other industries in 90+ countries. Headquartered in San Francisco and founded in 2011, PlanGrid was acquired by Autodesk in 2018. Visit us at www.plangrid.com.
PlanGrid is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, national origin, age, protected veteran or disabled status, or genetic information
As part of GDPR compliance procedures, we have posted our Recruiting Privacy Notice on our website. Please also note that the advertised position is an opportunity with Autodesk, Inc. (https://www.autodesk.com/), as Autodesk recently acquired PlanGrid. Processing of your personal information as part of the job application process, and as part of Autodesk employment should a candidate be hired, will be handled by Autodesk pursuant to Autodesk’s Candidate Privacy Statement, available at: https://damassets.autodesk.net/content/dam/autodesk/www/content/careers/autodesk_candidate_privacy_statement.pdf.