Product Security Engineer

You have a passion for secure coding practices. You care about delivering products that are secure and productive for users while ensuring high performance without affecting user experience. You can find interesting ways to enabling developers push out secure code. You think that your job should not be about fixing bugs but rather finding effective ways to eliminate them. You have a burning desire in ensuring that the products and platforms that the engineering team deliver meet the best security protocols.

 We're a quickly growing team and your impact on our products will never be greater. You will be in a position to help ensure that security practices are adopted and embedded into our engineering practice, not as an afterthought but as a key requirement.

In this critical role, you will closely collaborate with Product Management, Engineering and DevOps to build a secure future for Evolve’s products and platforms. In this role you are empowered to help develop and maintain secure coding and testing practices within our Engineering Team.

This position reports to a Product Engineering Manager.

Responsibilities

• Performing technical security assessments on our web and mobile apps and architecture designs.
• Identify risks in code, applications, processes, and architecture
• Communicate risks effectively to Product Engineering through training and technical demonstration of vulnerabilities and secure design patterns for security topics
• Seeking out opportunities to automate processes.
• Maintaining and creating secure development practices and programs for our engineering teams.
• Acting as an ambassador for the secure development lifecycle at Evolve.
• Maintain your skillset and technical knowledge relevant to the technologies used at Evolve.
• Tracking and responding to issues detected during internal reviews or reported by the Operations Team.
• Mentor junior team members in conducting security reviews

Requirements

• 2+ years experience in security testing of web applications and native mobile apps.
• Deep understanding of web application architecture and design principles.
• Background in software engineering and common development practices in a team environment.
• Knowledge of code and application testing across various platforms for security and quality. Familiarity with common web application testing tools.
• Experience with manual secure code review in languages such as: JavaScript, Java, PHP, SQL.
• Knowledge of authentication mechanisms like OAuth, etc..
• Strong written and verbal communication skills. 
• Ability to communicate, with empathy, when delivering constructive feedback regarding security matters to engineers and product designers.
• Ability to see patterns, commonalities and investigate complex issues
• Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues.

Bonus

• Experience with server and storage technology, backend infrastructure.
• Public speaking engagements or published research.