Application Security Engineer
Update: We're excited that you're interested in Root. In order to maintain a great candidate experience while most of our folks are working from home, we've decided to pause hiring for the time being. We welcome you to apply, and if it's a great fit, we'll reach out when we start to ramp up hiring again. In the meantime, our Candidate Experience Team is working hard to optimize our existing workflows to set us up for additional scale once the situation settles down.
The engineering team at Root strives to be one of the most transformative engineering teams ever. We’re changing the way an industry works by leveraging technology and data to build the best products possible. Even with our significant growth, we operate in small teams that are given ownership over projects and results. We’ve found that the people closest to the problems are the best at solving them.
Our tech stack includes:
- Ruby / Rails backend, RSpec for testing
- Small amounts of native iOS and Android
- Deployment to AWS ECS using containers
- Buildkite for CI
We recently raised the largest VC round ever for an Ohio technology company:
Our team excels at delivering software to solve the problems in front of us at Root: presently, a suite of world-class mobile, web, and server-based products obsessed with the customer experience. We’ve shaped our team and process around this; we know that constant iteration and experimentation produce the best results.
For more information on engineering at Root see https://eng.joinroot.com/
We divide the areas of responsibility for engineers into three major areas:
- Technical: The skills and knowledge that make up an engineer’s basic problem-solving toolbox.
- Planning and Execution: The ability to plan and execute assigned work beyond basic technical solutions.
- Working with Others: The ability to work effectively with other engineers and people in other functions.
What we look for in Application Security Engineers:
- Knowledge of securing both web and mobile applications against common issues (including OWASP Top 10)
- Writes clean, functional, well-tested code
- Experienced with several programming paradigms
- Deep understanding of client-server architecture and web technologies
- Solid knowledge of continuous integration pipelines and automating security feedback
- Building, executing, and documenting a Secure Software Development Lifecycle
Planning and Execution
- Completes large pre-planned tasks in an efficient manner
- Able to take on unplanned work and bug fixes
- Understands and takes business goals into account when making technical decisions
- Can manage a bug bounty program through an external service
Working with Others
- Able to work across teams to tackle complex issues
- Works with engineers to coach them on finding and fixing security bugs
- Can teach secure coding techniques and methods