Sr. Application Security Engineer/Sr. Product Security Engineer

Who We Are

Having surpassed $200M ARR and continuing to grow, AuditBoard is the leading audit, risk, ESG, and InfoSec platform on the market. More than 50% of the Fortune 500, including 7 of the Fortune 10, leverage our award-winning technology to move their businesses forward with greater clarity and agility. And our customers love us: AuditBoard is top-rated on G2.com and Gartner Peer Insights.

At AuditBoard, we inspire each other to innovate and are proud of what we are producing. We spend each day thinking of new ways to help our customers and contribute to the greater good of our company and our surrounding communities. We are all about assisting each other and breaking through barriers to create the most loved audit, risk, ESG, and InfoSec platform by our customers. This is how we have become one of the 500 fastest-growing tech companies in North America for the sixth year in a row, as ranked by Deloitte!

Why This Role is Exciting:

AuditBoard is looking for a passionate and experienced Sr. Application Security/Product Security Engineer, who will work along product and engineering teams to develop secure and resilient software used by some of the most security conscious customers on the planet. Supported by the InfoSec team, this position will serve as a Security liaison to the AuditBoard engineering team - assisting them with implementing security best practice at every layer of the SDLC, primarily focusing on threat modeling, secure design review, and triage and prioritization of application security vulnerabilities identified by the infosec team. This role will also be instrumental in the continued development of secure SDLC practices at AuditBoard.

Responsibilities:

In this role you will be responsible for:

• Working with product and engineering teams to implement security throughout the design and development process.

• Working with JavaScript, Node.JS, Ember, Python, GoLang, Docker, PostgreSQL, and Kubernetes.

• Creating application threat models, performing secure code reviews, and ensuring the use of secure coding practices, with the support of the Infosec team.

• Assisting the infosec team in driving adoption of Secure SDLC solutions and practices, such as SAST, DAST, SCA, IAST, App Runtime.

• Providing subject matter expertise and training on encryption, authentication, key security controls, and secure programming practices.

• Validating, triaging and driving the remediation of vulnerabilities discovered through internal testing, third-party penetration tests, or bug bounty programs.

• Guiding the implementation, configuration and operation of application layer security controls such as Web Application Firewall and DDoS mitigation solutions.

• Assisting with Security Compliance activities as required.

• Assisting with investigation and response to security incidents and web application attacks as necessary.

Requirements

• 5+ years of experience developing or securing web-based applications

• Experience with modern Javascript (Node.JS, ES6 and TypeScript) and front-end frameworks (Ember, Angular, React, Vue, etc.)

• Experience with leading threat modeling and secure design reviews

• Experience with security assessment tools (SCA, SAST, DAST) such as Qualys, SonarCloud, Prisma or similar is a plus.

• Docker & Kubernetes

• Excellent organization, time management, and attention to detail

• Must be action-oriented and have a proactive and collaborative approach to solving issues

• Participates in the design review process, seeking and providing constructive criticism

• Provides significant input into system architecture, considers scalability and performance

• Communicates technical decisions through design docs, tech talks, and the wiki

• Provides mentorship and technical guidance to junior and mid-level engineers

• Ability to work within an on-call shift rotation

Preferred

• Experience working on SaaS web applications

• Experience with building and maintaining internal tooling and orchestration using Python and other scripting languages

• Experience with building and securing CICD pipelines and incorporating supply chain security best practices.

• Experience with implementing static code analysis, Web Application Firewalls (WAF), or other software security solutions

• Experience coordinating bug bounty and penetration testing engagements

• Leveraging, building and securing AI coding assistants, agents, and product solutions

• BS in Computer Science (or equivalent experience)

Our Company Values

• Customer obsession: Apply relentless focus on listening to and understanding customers as the core of everything we do

• Win, together: Drive to be the best while supporting each other’s success

• Gritty resilience: Thrive in a fast-paced and dynamic environment, balancing immediate priorities with big-picture strategic goals

• Personal improvement: Stay eager to share insights, seek feedback, and continuously learn

• Constant innovation: Challenge the status quo and drive improvements
  

Perks*

• Launch a career at one of the fastest-growing SaaS companies in North America!

• Live your best life (LYBL)! $200/mo for anything that enhances your life

• Remote and hybrid work options, plus lunch in the Cerritos office

• Comprehensive employee health coverage (all locations)

• 401K with match (US) or pension with match (UK)

• Competitive compensation & bonus program

• Flexible Vacation (US exempt & CA) or 25 days (UK)

• Time off for your birthday & volunteering

• Employee resource groups

• Opportunities for team and company-wide get-togethers!

*perks may vary based on eligibility/location

Please note that background checks are required. Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. This role may have access to highly sensitive data, including employee data, customer data, company financials, and proprietary product information.

We love building strong partnerships, but please note that AuditBoard cannot accept unsolicited resumes from agencies. Any submissions without a signed agreement in place will not create a fee obligation.

#LI-Remote