Senior Application Security Engineer

FusionAuth

  • Denver, CO
  • $140,000-200,000 per year
  • Permanent
  • Full-time
  • 1 month ago
  • Apply easily
Job Title: Senior Application Security EngineerLocation: Denver, CO (Hybrid)About FusionAuthFusionAuth is a fast-growing startup and leading provider of customer identity and access management (CIAM) software headquartered in Denver, Colorado. Our mission is to make authentication and authorization simple and secure for every developer. Our product helps businesses securely manage customer identities and access, ensuring a seamless and safe user experience for some of the largest brands in the world. We are committed to delivering exceptional value and satisfaction to our clients through top-notch service and support. With a great team and strong investors, we are expanding our team to help accelerate our growth and take FusionAuth to the next level.Job SummaryWe are seeking a Senior Application Security Engineer to join our engineering team. In this role, you will be responsible for ensuring that our applications and infrastructure meet stringent security standards. Additionally, you will be instrumental in fostering a security-centric culture throughout the engineering teams. To excel in this position, you should possess a creative and quantitative mindset, along with a deep understanding of secure coding practices. A strong passion for authentication, authorization, and user management is essential. Prior experience in security-focused roles or practices, such as penetration testing (PEN testing), bug bounties, or similar endeavors, will be highly valued. This position is based in the Broomfield, CO area and requires part time attendance 1-2 days per week in the office.Responsibilities
  • Participate in threat modeling, code reviews, and security audits to strengthen our applications against vulnerabilities.
  • Manage our bug bounty program by validating submissions and assessing awards.
  • Research and integrate security tools into our development processes and pipelines.
  • Design and implement new features with an emphasis on secure coding practices and risk mitigation.
  • Write and maintain extensive, security-focused tests, including unit, integration, and vulnerability tests.
  • Maintain our software with bug fixes, enhancements, and security patches.
  • Produce clear, high-quality documentation for new features and security protocols.
  • Contribute to platform roadmap planning and software architecture with an application security perspective, including prioritization of security-related bugfixes.
  • Advocate for best practices in security within the Engineering organization, including developing training curricula on secure coding practices.
Qualifications Required
  • 7+ years of professional software development experience with a significant focus on application security.
  • Bachelor’s degree in Computer Science or equivalent practical experience with a strong understanding of secure software development principles.
  • Expertise in Java web-application development and security.
  • Proven experience in roles with security responsibilities, such as PEN testing, bug bounties, or similar security assessments.
  • Highly proficient in object-oriented design and implementation with a secure development mindset.
  • Strong understanding of the full web stack, including HTTP, TCP/IP, and REST, with an awareness of potential vulnerabilities in these areas.
  • Experience building highly available, high-performance, scalable, and secure applications.
  • Expertise in developing multi-threaded, API-first applications with secure data handling practices.
  • In-depth knowledge of unit, integration, and vulnerability testing to ensure the robustness of our applications.
  • Experience across the stack, from cloud infrastructure to front-end security practices.
All About YouWe believe the following qualities will enhance your success in this role:
  • You are analytical and data-driven, using metrics to understand and mitigate security risks.
  • You have an interest in the authentication and authorization space, with a focus on security.
  • You bring a strong yet flexible approach to security, ready to adapt as the landscape changes.
  • You quickly learn new technologies and security practices.
  • You’re excited about contributing to our open-source projects and building a secure ecosystem.
  • You thrive in a startup environment and bring a proactive, security-focused mindset to your work.
Compensation
  • $140 - 200k expected base salary range*
*Pursuant to various state laws, we must display the pay range for this job. Since we are willing to hire within a broad spectrum of qualifications, we also reflect a broad pay range. The expected base salary range that we are targeting for this position can be adjusted up or down based on individual qualifications. Individual salary is determined by qualifications, role, level and location.BenefitsBenefits for full-time team members include:
  • Comprehensive medical, dental & vision plans
  • 401k with employer match
  • Flexible spending account (FSA)
  • Paid holidays & flexible paid time off (PTO)
  • Professional growth & development opportunities
  • Eligibility for performance-based bonuses or variable compensation tied to individual, team, or company results
If you are passionate about technology that solves real-world customer problems, and want to join a company that is moving the industry forward, FusionAuth is a perfect fit for you!Note: Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time.FusionAuth provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
|Recruiters: Please note, FusionAuth does not accept unsolicited resumes from recruiters or employment agencies. In the event of a recruiter or agency submitting a resume or candidate without a signed agreement being in place, we explicitly reserve the right to pursue and hire such candidates without any financial obligation to the recruiter or agency. Any unsolicited resumes, including those submitted directly to hiring managers, are deemed to be the property of FusionAuth.Powered by JazzHR

FusionAuth