Senior Application Security Engineer

Mural, the leading visual work platform for the enterprise, makes teamwork feel like less work. Our intuitive visual workspace enables teams to easily work together and collaborate better using proven design-thinking techniques. Built for enterprise teams, Mural meets the most stringent of IT and regulatory requirements. Industry leaders — including IBM, ‌Microsoft, SAP, and Abercrombie & Fitch — choose Mural to help their teams accelerate innovation and problem solving at scale. Whether your team is fully remote, distributed, in the office, or still figuring it out, Mural brings teams across the enterprise together to do the work that matters most.

ABOUT THE TEAM

The product security plays a vital role in identifying and mitigating risks within the Mural product as well as partnering with other engineering teams to recommend product features that enhance security for our customers.

YOUR MISSION

As an Application Security Engineer, your role will involve executing the MURAL product security strategy. You will manage Mural’s public bug bounty submissions, SAST testing within our CI workflow. Collaborating closely with developers, you will work to expand security testing coverage and lead security reviews of MURAL product features. Additionally, you will play a crucial role in educating and promoting secure coding best practices.

WHAT YOU'LL DO

• Performing security reviews of Mural product features and architecture
• Manage and operate our bug bounty program
• Lead penetration testing and manage any risks to remediation
• Implementation and operation of SAST and DAST technologies in the CI workflow
• Working closely with Engineering teams to track and manage product risks to remediation
• Working closely with Engineering to increase coverage of security testing
• Communicating and nurturing relationships with security researchers, customers, and other stakeholders
• Producing metrics to help track the health of our product vulnerability management strategy
• Educating and evangelizing secure coding best practices

WHAT YOU'LL BRING

• 5+ years experience in a product security focused role
• Experience with product security at a multi-tenant SaaS company preferred
• Experience with vulnerability management
• Deep understanding of web application and mobile application security risks
• Deep understanding of Linux, Networking, Cryptography, and Cloud Architecture fundamentals
• Software development experience with Node.JS or other frameworks like React, Angular, etc. is a preferred
• Familiarity with MongoDB, Node.JS, Ruby, and/or Python is preferred. 
• If you have participated in public or private Bug Bounty programs, or have any other open source or community contributions, presentations, or blog posts in the security space, please share it with us!
• Excellent command of English, both written and verbal

For roles based in New York City, California, Colorado, and Washington, the base salary for this role ranges from $160,000 - $200,000 + benefits. Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience. Certain roles may be eligible for variable compensation.

Equal Opportunity 

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.