Posted 21 Dec
Application Security Engineer at Guild Education
Role Description:
You will be a leader within our application security team. The goal of Guild Education’s application security program is to ensure that software engineering teams across the company are enabled to securely design, build, test, and maintain the applications that power our business. Our guiding principle is to pave roads and enable our engineers to deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDL). We take a customer-service oriented approach to support, coach, and empower our engineers to do the right things without friction or slowing them down.
Responsibilities:
- Develop and lead threat modeling training, workshops, and collaborative sessions for a wide array of cloud-based products and services. Champion threat modeling practices within the development teams, promoting industry best practices.
- Collaborate with product and engineering on architecting resilient, security-first services
- Build and deliver educational content to our engineers including hands-on training courses
- Interpret findings from application security tools and provide coaching in remediation
- Assist in the development of secure code libraries
- Evaluate and classify findings from SAST, DAST, SCA and externally reported sources
- Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks
- Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
- Review and analyze existing processes and suggest improvements for increased security and efficiency
Requirements:
- 1-3 years in secure development/application security
- Proficiency in one or more modern programming languages
- Proficiency in scripting
- Hands-on experience with one or more application security testing tools (SAST, SCA, IAST, DAST)
- Intimate knowledge of OWASP Top 10 Vulnerabilities, mitigations, and their impact on application architecture
- Experience in web application security and SSDLC practices
- Proficient in at least one general programming language such as JavaScript, Python, C/C++, Java, Rust, or Go
- An understanding of web applications, web servers, and layer 7 application technologies
Preferred Qualifications:
- An understanding of the AWS Well-Architected Framework and cloud-native application development best practices
- Experience with the OWASP Application Security Verification Standard (ASVS)
Other Soft Skills:
- You are a great communicator who can explain technical issues and risks to a broad, non-technical audience.
- You can work well with engineering, legal, security, devops, product, executives, and others.
- You tailor your communication style, level of detail, and approach based on the audience.
- You enjoy working directly with software engineers, including in new languages and toolchains.
- You are a strong collaborator and can influence technical teams, and you take them along with you.
- You operate effectively across teams and disciplines even in highly ambiguous situations.
- You have experience building inclusive team cultures
We feel passionately about equal pay for equal work, and transparency in compensation is one vehicle to achieve that. Total compensation for this role is market competitive, including a base salary range of $110,000-$130,000 as well as company stock options.
Source: Remote Ok