The position.

The engineering team at Root strives to be one of the most transformative engineering teams ever. We’re changing the way an industry works by leveraging technology and data to build the best products possible. Even with our significant growth, we operate in small teams that are given ownership over projects and results. We’ve found that the people closest to the problems are the best at solving them. We’re actively hiring Engineers remotely and excited to announce that Root is a “work where it works best” company. Meaning we will support you working in whatever location that works best for you across the US. We will continue to have our headquarters in Columbus and offices in other locations to give more flexibility and more choice about how we live and work.
The Information Security team at Root strives to manage information security risk within the organization while enabling transformative technologists to do their cutting-edge work. As a Sr. Application Security Engineer, you’ll be joining a team dedicated to securing Root, having an opportunity to influence how we mature our secure software development lifecycle and application security standards to appropriately manage risk, address regulatory requirements, and protect our customers.
The ideal candidate will be technically sound, an exceptional communicator, a self-starter, and a team player who thrives in highly collaborative environment.This role will report to the Sr. Manager of Security Engineering.
What you’ll achieve.

• Work across teams to tackle complex issues
• Execute large, pre-planned tasks in an efficient manner
• Coach engineers on how to find and fix security bugs
• Perform design and code reviews to identify risk and assist developers in improving overall product security
• Teach secure coding techniques and methods
• Work closely with Product and Engineering teams to deliver secure, high-quality features
• Partner with the business to establish application and product security standards, and secure coding practices
• Develop and manage a bug bounty program in partnership with external service providers
• Coordinate and drive remediation of identified vulnerabilities and control deficiencies
• Integrate security test automation and tooling within CI/CD pipelines
  

What we’re looking for.

• Knowledge of securing both web and mobile applications against common issues (including OWASP Top 10)
• Ability to write clean, functional, well-tested code
• Experience with several programming paradigms
• Deep understanding of client-server architecture and web technologies
• Solid knowledge of continuous integration pipelines and automating security feedback
• Experience building, executing, and documenting a Secure Software Development Lifecycle
• Able to take on unplanned work and bug fixes
• Understands and takes business goals into account when making technical decisions