Application Security Engineer

Fingerprint empowers developers to stop online fraud at the source.

We work on turning radical new ideas in the fraud detection space into reality. Our products are developer-focused and our clients range from solo developers to publicly traded companies. We are a globally dispersed, 100% remote company with a strong open-source focus. Our flagship open-source project is FingerprintJS (20K stars on GitHub).

We have raised $77M and are backed by Craft Ventures (previously invested in Tesla, Facebook, Airbnb ), Nexus Venture Partners (previously invested in Postman, Apollo.io, MinIO, Druva) and Uncorrelated Ventures (previously invested in Redis, Rollbar & Gradle).

We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates' personal and financial information through fake interviews and offers. All Fingerprint recruiting email communications will always come from the @fingerprint.com domain. Any outreach claiming to be from Fingerprint via other sources should be ignored.

As a Senior Application Security Engineer, you will work closely with the engineering teams and play a pivotal role in ensuring that security is integrated at every stage of the software development lifecycle. 

Responsibilities

• You will provide guidance to engineers on secure coding practices, participate in coding reviews to identify any potential security vulnerabilities, and advise on remediation strategies
• Conduct security reviews to evaluate applications for potential vulnerabilities
• Own threat modeling - Understand the application’s architecture, identifying potential attack vectors and devising strategies to mitigate these threats
• Integrate security tools and processes into the DevOps pipeline
• Assist in response and recovery in the event of a security incident or breach
• Raise awareness about application security within the organization.

Requirements

• 5+ years of experience as an Application Security Engineer
• Proficiency in multiple programming languages with an understanding of the intricacies and potential security flaws
• Experience with cloud technologies 
• Knowledge of secure coding practices
• Proficiency with security tools and technologies - static/dynamic analysis tools, penetration testing tools, knowledge of firewalls, intrusion detection systems and encryption.
• Excellent communication and collaboration skills. 
  • Must be able to articulate complex security concepts to engineers and other stakeholders in a simple, understandable way. 
  • Ability to write clear and concise security reports and presenting findings to both technical and non-technical audiences
  • Ability to work effectively as a team with engineers, respect different perspectives and collaborate towards a common goal with business priorities in mind
• Problem solving and critical thinking skills.
  • Deep understanding of the problem space and a systematic approach to problem solving is a must. 
  • Ability to critically evaluate the security of a system, assess the impact of potential vulnerabilities and consequences of different security decisions

Nice to have:

• Bachelor's degree in Computer Science, Engineering, or a related technical field
• Familiarity with application security frameworks and standards like NIST, CIS, CSA ,etc
• Experience in a fast paced startup environment
• Golang experience
• Experience with AWS technologies

We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates' personal and financial information through fake interviews and offers. All Fingerprint recruiting email communications will always come from the @fingerprint.com domain. Any outreach claiming to be from Fingerprint via other sources should be ignored.

Offers vary depending on, but not limited to, relevant experience, education, certifications/licenses, skills, training, and market conditions. 

Due to regulatory and security reasons, there’s a small number of countries where we cannot have Fingerprint teammates based. Additionally, because Fingerprint is an all-remote company and people can join our workforce from almost any country, we do not sponsor visas. Fingerprint teammates need to be authorized to work from their home location.

We are dedicated to creating an inclusive work environment for everyone. We embrace and celebrate the unique experiences, perspectives and cultural backgrounds that each employee brings to our workplace. Fingerprint strives to foster an environment where our employees feel respected, valued and empowered, and our team members are at the forefront in helping us promote and sustain an inclusive workplace. We highly encourage people from underrepresented groups in tech to apply.

If you are applying as a resident of California, please read our CCPA notice here

If you are applying as a resident of the EU, please read our GDPR notice here