Senior Application Security Engineer

Boston, MA
Technology – Security
Full-Time
Simply Business is more than our name. It's how we approach small business insurance: Make it clear. Make it simple. Make it affordable. Founded in 2005 (with our first international office in Boston launched in 2016), Simply Business is an online business insurance brokerage that specializes in one thing: protecting the businesses that entrepreneurs have worked hard to build.

Through blending a combination of technology, data, and insurance knowledge - with 10 years of expertise in the UK in how to build great products for our customers - we are looking to simplify the insurance-buying process for all small businesses across the US.

Right now we’re at the start of that journey. We need people who are looking for a challenge and have the drive and ambition to challenge the boundaries in whatever exciting project they believe in. We believe that people work more productively and imaginatively when they are free from rigid hierarchy and structures and we’re creating a colorful and collaborative environment to help support you in meeting your ambitions.

If you’re smart, passionate about delivering brilliant customer experiences across an integrated online and offline user journey, and enjoy solving complex challenges then you should apply to join our team.

We need a Senior  Application Security Engineer  to join us  in Boston.

Reporting to the Lead Application Security Engineer in London, you will play an important role in driving the security mindset into the teams who are responsible for the applications they create, maintain and run. The successful candidate will help build a network of champions, define standards/guidelines, evaluate security products and technologies and strengthen our defenses through the SDLC.

As an Application Security Engineer you will:

    • Collaborate on source code with developers
    • Create threat models for new and existing features
    • Mentor team members and security champions
    • Advise on the security architecture of projects
    • Setup and tune the security technology (SAST, DAST, WAF, HIDS, Container Security)Triage vulnerabilities

Responsibilities Include:

    • Test automation (fuzzing, vulnerability reproduction) CSIRT member
    • Documentation (policies, procedures, guidelines, training)Mentoring team members
    • Running application security focused sessions (presentations, workshops and CTF)

Required Skills Include:

    • Essential skills we are looking for:
    • Sociable & Communicative Passionate about security
    • Experience with threat modelling Experience as a software developer
    • Experience reviewing vulnerabilities
    • A good grasp of web technology and protocols (HTTP, HTTPS, HTML, JavaScript, XML, WebSockets, JSON etc)


    • Additional skills we are looking for:
    • The ability to read and write Ruby code
    • Experience working with DevOps teams
    • Experience working with AWS tooling and services
    • Experience working with container technology
    • Experience with BDD
What are the benefits?

Working in our Boston Office, you will have the chance to shape a business from the very beginning, and an opportunity to develop and learn new skills across various technology and business areas as you desire.
 
Plus there’s all the serious (but important) stuff we call "core benefits".
 
The ‘core’ stuff
Some of these will kick in once you’re confirmed in post, but here’s the summary:
• A salary that reflects your experience, our pay policy and the market we’re in from your first day
• Group plan for medical, dental, and prescription drug coverage
• Short term disability, long term disability and life insurance coverage
• Participation in the Company’s bonus program
• Participation in 401(k) plan with a 3% employer match
• Commuter benefits to help cut down on commuting costs
• 25 days of vacation time plus 10 company holidays
• Flexible working hours and working from home
 
But there’s so much more to Simply Business than insurance. We also commit to flexible working options, smart working (our offices are kitted out for you to work when and how you choose)and we have a handy online form to put in any training or conference requests.
 
Best of all, though, are the groups, clubs, and adventures that come with the Simply Business territory. We trek the Sahara for charity, take you on weekends away, throw epic summer parties, meet up for book groups, public speaking coaching and lots, lots more
 
It’s a big claim but we genuinely believe the Simply Business culture is truly unique. You sort of have to come and spend time with us to appreciate it. So get that application in and we’ll take it from there!
 
Our values
Everything we do comes down to these five values – empowerment, authenticity, simplicity, learning and pioneering.
 
In practice, these will mean something unique to every  person at Simply Business, but if you’re considering working here, give them some thought. They’re at the heart of our story.
 
Empowerment
We believe in our people and the positive impact they can have so we enable everyone to stretch themselves
 
Authenticity
We celebrate diversity, avoid jargon and genuinely care about helping small businesses thrive
 
Simplicity
We attempt to simplify complex solutions to save our customers time and effort
 
Learning
We’re never done learning about new possibilities and act to explore them
 
Pioneering
We’re obsessed with finding new ways to create even better experiences

We want to meet you

As a company, we pride ourselves on inclusion in the workplace. We succeed as an organization because we are comprised of intelligent women and individuals from other underrepresented groups. We understand you don’t find that in a lot of companies, so we’re emphasizing it here should you feel any hesitation to apply for that reason.    

The hiring process at Simply Business is focused on candidates who are enthusiastic about the role and company. So even if you don’t fit every qualification listed in one of our job postings, yet you feel you’d be a great fit, we’d love to meet you. With any luck we’ll be seeing you at an interview soon.