Full-Time Staff Security Engineer

Attentive is the AI-powered mobile marketing platform transforming the way brands personalize consumer engagement.

About the Role

Our Security team safeguards Attentive's platform and customer data, enabling swift and secure operations. We tackle complex security challenges to ensure trust and integrity across our services.

Joining our team offers a high-growth career opportunity to work with some of the world's most talented security professionals in a high-performance and high-impact culture.

We are seeking an experienced and adaptable security engineer with strong technical skills and a developer mindset.

What You'll Accomplish

1. Architecture Design & Code Reviews: Conduct secure design and code reviews for new systems and features, identifying common vulnerabilities such as injection attacks and cross-site scripting (XSS)
2. Automation & Tooling: Develop and implement security tools for code scanning, dependency management, and CI/CD pipeline integration to protect systems throughout the development lifecycle
3. Engineering Support: Provide hands-on support to engineers in deploying security solutions, hardening services, and remediating vulnerabilities, including encryption and input validation
4. Threat Modeling: Lead the creation of comprehensive threat models for products and infrastructure to identify, assess, and mitigate security risks
5. Vulnerability Management: Establish and oversee a vulnerability management lifecycle, ensuring timely detection, reporting, and remediation of security vulnerabilities
6. Security Guidance & Documentation: Promote secure coding practices and maintain security documentation, including reports from penetration testing and product security tools

Your Expertise

7+ years of experience in application/product security, with expertise in web technologies, vulnerability identification and remediation, and cloud security fundamentals.

Proven ability to build and automate processes, such as static code analysis, enhancing code shipping practices beyond mere compliance.

Extensive knowledge of application and network protocols, cryptography, authentication and authorization protocols, as well as common security threats and attack techniques.

Strong coding and code review experience in Java, Python, and Golang, with a focus on Java vulnerabilities and Kubernetes/container security.

Experience with AWS and deploying infrastructure as code.

Skilled at communicating complex technical concepts and risks to non-technical audiences.

What We Offer

Competitive perks and benefits, from health & wellness to equity.

What is the last date for applying to the job?

Which countries are accepted for this remote job?