
Application Security Engineer

Posted On: April 7, 2022 | Location: Remote (U.S. and Canada only)

Job Title: Application Security Engineer
Division/Department: Engineering
Reports To: VP Engineering
FLSA Status: Exempt

About Boardable

Boardable takes mission-critical board and committee meetings from friction to focus. Founded by experienced board executives, the intuitive board management platform brings teams together — wherever they are — so they can prepare, engage, and take action on what matters most. Boardable powers more than 2,000 organizations in over 40 countries, including associations, nonprofits, healthcare, higher education, and enterprise businesses. We are always on the lookout for talented, purpose-driven people to join our team. If you can bring a diverse perspective, superpower skills, and an amazing attitude to our team, we want to hear from you.

Job Purpose

The Application Security Engineer is responsible for building and maintaining the security of Boardable’s core products and supporting admin tools. Security is tightly woven into product and infrastructure development. We challenge our teams to build systems that are secure-by-default and to protect our users' most sensitive data. The person in this role reports to the VP of Engineering and serves to create and support the security of a user-friendly SaaS platform for Boardable’s customers based on adherence to industry standards, knowledge of coding languages, and understanding of technical architecture requirements from a security perspective.

You will be joining a team of engineers who will champion security initiatives throughout the organization. You will be building tools to make secure-by-default easy. You will be conducting regular audits/tests to identify risks and prioritizing fixes for the identified risks. You will continue to raise the bar to make our systems secure.

Duties/Responsibilities

  • Implement various types of scanning (SAST, SCA, DAST, etc.) in our CI/CD pipelines and ensure results are appropriately surfaced to developers.
  • Implement a vulnerability detection and management program for mobile applications.
  • Triage, escalate, and remediate vulnerabilities found as part of our bug bounty program.
  • Work with the product management teams to prioritize fixes for vulnerabilities and work with engineering teams to understand how to fix these issues.
  • Get your hands dirty by fixing vulnerabilities, building in security telemetry/instrumentation, and adding security features to our products/applications.
  • Actively participate in the design and implementation of applications, services, and infrastructure to ensure security and privacy design principles are being followed by performing security reviews and threat modeling.
  • Design tooling and frameworks to make adoption of security best practices easier for developers when working in our code bases.
  • Deploy, manage, and tune infrastructure used to protect our applications from common vulnerability exploitation, account takeover, and denial of service attacks.
  • Manage scope, scheduling, and remediation of vulnerabilities found as part of pen testing programs.
  • Assist in the creation and maintenance of security training for developers.
  • Actively participate in all facets of the incident response lifecycle.
  • Contribute to the management and maintenance of SOC Compliance.

Experience/Education/Skills

  • Bachelor’s degree in computer science, computer information systems, software engineering, cyber security, mathematics, related field of study, or equivalent work experience
  • 3+ years of experience working on a security team supporting product/engineering functions, cloud infrastructure, and corporate infrastructure development
  • You have experience with application/source code scanning technologies
  • You have in-depth knowledge of security threats, applied cryptography, and risk assessments
  • You have experience working with product development teams to empower them on advancing security initiatives
  • You have software engineering experience (PHP preferred) and an engineering mindset for building reliable / maintainable security infrastructure to support a large organization with CI/CD software engineering practices
  • Understanding of the software-as-a-service (SaaS) model and cloud-based environments
  • Knowledge of software development life cycle and agile methodologies including Scrum.
  • Experience maintaining security with large Web applications (Laravel & Vue frameworks) hosted in Amazon Web Services
  • Ability to use version control systems such as GitHub or Bitbucket
  • Superior critical-thinking and problem-solving skills
  • Strong organizational and communication skills
  • Nonprofit and/or board experience a plus

Company Benefits

  • Flexible work schedule/remote work
  • Unlimited Paid Time Off (PTO)
  • Major medical/dental/vision insurance OR Monthly health stipend 
  • Monthly phone/tech stipend
  • Paid parental leave
  • 401(k) with employer match
  • Potential for equity compensation
  • Bonus opportunity based on organizational goal attainment
  • Employee Assistance Plan
  • Work from Home setup stipend
  • Professional Development Opportunities
  • Gift of Boardable to a board on which you serve
  • Charitable donation matching program
  • Employee affinity groups including DEIB (diversity, equity, inclusion, belonging) and CSR (corporate social responsibility)
  • Coworking Space Reimbursement

Diversity and Inclusion

At Boardable, we actively commit to inclusion and belonging. We strive to create a workplace where everyone truly feels welcome as teammates and partners in building our vibrant, ever-changing culture. We know a diverse team will meet the challenges of the business in ways that a monocultural team simply cannot. We’re committed to building a team that represents a variety of backgrounds, perspectives, and skills as we fulfill our mission of helping purpose-driven organizations. 

Boardable is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. We encourage all those interested to apply.