Sr. Application Security Engineer
Redwood City, CA

Job Description

Description

The Basics:

We are looking for hands-on individual with a white hat hacker mindset to join us in a Senior Application Security Engineer role. This position reports to the Head of Security and will assist with the build out of the application security program. You will be responsible for architecting, developing and deploying security tools and technologies to protect the Branch's platform and backend infrastructure.

What You'll Do:

* Develop the secure SDLC process at Branch and perform static security code analysis (SAST) of the Branch's code base on a regular basis and provide relevant recommendations to developers.
* Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production.
* Perform threat modeling on existing and upcoming feature set in the Branch's applications so that appropriate security controls can be built from the ground up.
* Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow up investigation or remediation.
* Manage the bug bounty program at Branch and work with the developers for timely remediation of the reported issues.
* Manage external independent Application Security Testing and ensure timely remediation of issues.
* Identify all vulnerabilities originating from third party dependencies and ensuring timely remediation.
* Impart ongoing secure code and application security best practices training to developers.

We're Looking for Someone With:

* Bachelors in Computer Science or related field
* 5+ years in a security engineering or operations role
* Strong knowledge of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
* Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
* Experience with developing threat models (STRIDE, DREAD, etc.)
* Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.
* Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must have
* Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
* Experience with Web Application Firewalls (WAF) desired but not a must have

About Us:

Branch provides solutions that unify user measurement across different devices, platforms, and channels, and deliver a seamless customer experience no matter where the user comes from. The introduction of mobile has divided today's businesses, causing inaccurate attribution and links that don't work, leading to wasted marketing spend and broken customer journeys. Branch fixes that by providing a holistic view of various user touch points and ensuring that links take the user to the right place on the website or native app. Branch is a trusted solution for over 35,000 brands including Airbnb, Instacart, Pinterest, Slack and many more.

Branch has raised over $110 million in funding from amazing investors. We're based in Redwood City, however, Branchsters can be found all around the world. The team is made up of people from different backgrounds, experiences, and educations, all passionate about the work we do, the team we do it with, and the partners we do it for. Join on in our journey to solving fascinating problems in the mobile industry!