Snapdocs is an early-stage, rapidly growing company backed by investors like Sequoia Capital, SV Angel, YCombinator & F-Prime that is looking for our first Application Security Engineer (AppSec) to implement application security testing tools to secure our platform as we scale. If you are interested in being an early member of a security team that is leading an industry into the future, then we have your next position here at Snapdocs. 

Today we are a small team tackling the absolutely massive mortgage market. Snapdocs is focused on perfecting the real estate closing process by bringing modern, elegant software to a field that still relies on fax machines and manila envelopes. Our platform provides security, efficiency and joy to a paper-based pillar of the US economy through integration and automation. We rely heavily on domain expertise, product design, and data to ensure that we build reusable patterns that can work for different types of mortgage professionals.

Reporting direclty to the Manager of Security Operations, our first Applications Security Engineer (AppSec) is responsible for implementing web application security testing tools in QA & code releases. The Appsec Engineer owns all penetration testing, DAST, SAST, tracks identified vulnerabilities & provides resolutions. Working across Product, Engineering, QA etc. the AppSec Engineer reviews product requirements and performs risk assessments on planned application changes. This role requires a highly collaborative approach paired with excellent communication skills to balance trade offs, push back and even negotiation to get things done. In addition to the day to day security testing, the Appsec Engineer plays a critical role in incident response and participates in an on-call rotation. This is where you come in...

Over the past 2+ years of industry experience, you have developed a broad range of security related skills, gained exposure to diverse application security frameworks, tools and methodologies while working in startups to midsize B2B SaaS companies. Hands on experience working with Amazon Web Services (AWS), Ruby on Rails or Python programming & exposure to Burp Suite or similar automated web application security testing tools is vital as these are the core components in our tech stack. You keep up to date with web application security concepts (OWASP top 10 for example), AWS best practices, have a working knowledge of securing containerized, serverless environments such as EKS, Kubernetes, Docker. It's a major plus if you have spent time participating in bug bounty, ethical hacking, or contributing to other security related research activities. You are highly collaborative to bridge the gaps between Engineering, Product, Security and the rest of the business to create a secure and stable network. You can balance between builder & breaker. Curiosity, patience, proactiveness & a learners mindset are at the core of your approach to reducing the threat landscape. Any security related certifications are a nice to have but not essential (GWAPT, OSCP, CISSP, CEH etc).

Snapdocs’ culture is one that strongly values diversity and drive. We want to work with people of different backgrounds and different paths in life, and we trust our team members to make smart decisions. We value independent work as well as collaboration. Snapdocs provides a range of excellent benefits ranging from the standard stuff: matching 401(k), free lunches, and 21 days PTO to the not so standard—like a 10 year exercise window on your options and our location in downtown Denver is super convenient (we are currently based in the Wells Fargo Center).