SpotHero is seeking a Senior Engineer focused on Application Security to join our Engineering team. The Senior Application Security Engineer works closely with development teams, engineering and product managers and third-party groups (including the paid bug bounty program and security auditors) to identify and remediate security vulnerabilities in SpotHero’s products and practices.
With this role, hopefully you are someone who likes digging deep in infrastructure and code to find and fix the root cause of security vulnerabilities. You enjoy working with engineers of all disciplines and technology stacks both to achieve your goals and to educate others. You’ll be contributing to projects that are highly visible to our executive team.
Who we are:
SpotHero is one of transportation's hottest tech companies! We’re rapidly growing with the mission of bringing the parking industry into the future through technology. Drivers across the nation use the SpotHero mobile app or website to reserve convenient, affordable parking on-the-go or in advance, and parking companies rely on us to help them reach new customers while optimizing their business. We connect the dots with cutting-edge technology, delivering value to both sides of this exciting, evolving marketplace.
What will you do:
- Work with our analytics, marketing and data science teams to understand our data processing needs.
- Be a key hands-on contributor to the design and implementation of our data platform solutions from the infrastructure layer up to the API.
- Model and architect our data in a way that will scale with the increasingly complex ways we’re analyzing it.
- Build robust pipelines that make sure data is where it needs to be, when it needs to be there.
- Build frameworks and tools to help our software engineers, data analysts, and data scientists design and build their own data pipelines in a self-service manner.
- Performance testing and engineering to ensure that our systems always scale to meet our needs.
- Be a key member of the team focused on pure hands-on contribution to the implementation and operation of our data platform.
- You run web application security audits and tests against our applications and infrastructure.
- You research and verify reported security vulnerabilities in our applications and infrastructure.
- You educate software developers on common vulnerabilities and measures they can take to prevent them in their applications.
- You deploy and maintain code scanning tools.
- You audit our application and infrastructure security settings.
- Knowledgeable of security libraries, security controls, and common security flaws.
- Basic development and debugging skills in a modern web application language. Python is preferred.
- Ability to work in all areas of the tech stack, including infrastructure through the application layer to client libraries.
- Experience with OWASP Top 10 and the CVE program.
- Familiarity with cloud security controls and best practices. Experience with Amazon Web Services (AWS) is preferred but not required.
- Familiarity in setting up and using static and dynamic code analysis, container auditing tools, or other tools incorporated in the software development lifecycle.
- Experience with a security information and event management (SIEM) tool (e.g. SumoLogic).
- Experience with web application security testing tools (e.g. Burp Suite).
Nice to Haves:
- Certified Secure Software Lifecycle Professional (CSSLP).
- Certified Ethical Hacker (CEH).
Technology we use:
- IDEs, debuggers, open-source tools, Burp Suite.
- Amazon Web Services (AWS): Identity Access Management (IAM), Virtual Private Cloud (VPC).
- Kubernetes, SumoLogic, Terraform
- Confluence, Jira, Google GSuite
What we are offering:
- Career game changer – A truly unique experience to work for a fast-growing startup in a role with unlimited potential for growth.
- Excellent benefits –
- In the US we cover up to 90% of Medical Premiums, 50% of Dental & Vision Premiums, company sponsored Life Insurance, 401K, and generous parental leave.
- In Canada we offer Medical (prescription drug and paramedical coverage), Dental, Vision, Life Insurance, STD and LTD.
- Flexible PTO policy and great work/life balance – We value and support each individual team member.
- Annual parking stipend – we help people park!
- The opportunity to collaborate with fun, innovative, and passionate people in a casual, yet highly productive atmosphere.
- A workplace recognized as the Best Consumer Web Company by Built in Chicago, Top Company Culture by Entrepreneur, a Top Workplace by Chicago Tribune, and one of Chicago’s Best Places to Work for Women Under 35 by Crain’s Chicago Business.
Steps to apply: Please include any GitHub account, LinkedIn profile, and any project that you’re particularly proud of. We love seeing work that others loved working on.
SpotHero is an equal opportunity employer. We know that a diverse workforce is the strongest workforce, and are committed to building and supporting an inclusive environment for all.
PLEASE NOTE: This position is ineligible for visa sponsorship. To be considered for this role, you must be legally authorized to work in Canada or the US and not require sponsorship for employment now or in the future.