Application Security Engineer (LA, NYC, or Remote US)

New York City / Engineering — Platform Engineering / Full-time
Who we are
Albert is a new type of financial service that uses powerful technology to automate your finances, with a team of human experts to guide you. Albert saves and invests automatically for you, helps you avoid overdrafts, finds savings you’re missing, identifies bills you’re overpaying, and much more. Text Albert a financial question, and our geniuses won’t just offer guidance — they’ll help you take action.

We're an LA-based startup with a proven business model, backed by top-tier institutional investors and with nearly 6 million users who have trusted Albert to help them achieve their financial goals. We're on a mission to democratize money management through our simple, beautifully designed product, and we're looking for thoughtful, talented people to join us on our journey.

About the role
Security is core to Albert’s mission and critical to how we build our products from inception and design to deployment in the cloud. This role will help Albert maintain security at speed and scale. Our Application Security Engineer will help us deliver on our mission by helping to design, build, deploy, and maintain secure products. As a key member of our team, this role will work closely with the Product and Engineering teams performing core application security practices like threat modeling, design review, secure code reviews, and security testing while continuously improving our SDLC.
Things you're good at
  • Ownership: Dive in and take ownership of activities like code security reviews, threat modeling, static and dynamic security testing, and conducting security training for developers. 
  • Architecture: Provide application security guidance and oversight across Engineering and Product teams. 
  • Organization: Work across various layers of our company in an inspired, efficient way. Provide hands-on remediation guidance to teams across the organization.
  • Prioritization: Prioritize initiatives to demonstrate alignment with our business strategy and value propositions. Communicate priorities and drive consensus on the path forward. Identify, prioritize, and promote security practices that create the most impact in reducing overall security risk of our applications.
  • Collaboration: We bring out the best in each other. We're looking for people who will bring out the best in all of us. This role should seek to influence the design and implementation of upcoming products and services with security and privacy design in mind.
Responsibilities
  • Automate security testing to improve our SDLC workflow
  • Help write secure applications and services through design, development, and implementation of secure software development practices
  • Security code reviews to ensure the protection of customer information
  • Collaborate and advise engineering teams on building authentication, authorization, and encryption solutions
  • Support of security enhancement and development
  • Evaluate our infrastructure for risks and security vulnerabilities
  • Perform vulnerability testing, risk analysis, and security assessments 
  • Ensure that identified issues are prioritized and addressed in an appropriate time frame
  • Develop and report metrics measuring the state of the security program
  • Research emerging technologies and maintain awareness of current security risks
  • Help to develop security training and education for our software engineers
Requirements
  • Bachelor's Degree
  • Minimum 5 years of experience in the information security field
  • In-depth knowledge of mobile, backend and web application vulnerabilities and ability to articulate impacts to technical and business teams
  • Experience with performing threat modeling and designing secure mobile application architecture
  • Working knowledge of OWASP projects
  • Proficiency in Python
  • Experience with creating and supporting a Secure Software Development Lifecycle (SSDLC)
  • Experience with dynamic and static web application testing tools
  • Strong knowledge of securing cloud infrastructure  (ie. AWS, GCP)
Benefits
  • Competitive salary and meaningful equity
  • Health, vision and dental insurance
  • Daily meals provided
  • Monthly wellness stipend
  • 401k match
Apply for this job