Application Security Engineer at Ibotta
Ibotta is seeking an Application Security Engineer to join our innovative team and contribute to our mission to Make Every Purchase Rewarding.
In this role, you will partner with our engineering, product, and data science teams to assess our code, websites and applications, prioritize risks for remediation, and integrate security into our SDLC. You will assist in scoping and monitoring our third-party pen tests and will also lend a hand in day-to-day security operations.
This position is located in Denver, Colorado, or with the option of full-time remote. Candidates must live in the United States.
What you will be doing:
- Embrace and uphold Ibotta’s Core Values: Integrity, Boldness, Ownership, Teamwork, Transparency & Advocate for Savers
- Conduct DAST and SAST scans, identify false-positives, and suggest remediation paths for valid findings.
- Build collaborative relationships with developers, engineers and data scientists across the organization, and work with these stakeholders to conduct security reviews and manual and automated penetration tests of Ibotta’s products, source code, stored procedures, datastores, server/service configurations, and applications.
- Validate and respond to ‘netizen, client, partner, and supplier reported application vulnerabilities. Prioritize true positives for remediation.
- Analyze Ibotta’s application architecture to identify weaknesses & develop opportunities for improvement.
- Evaluate, recommend, and implement security related software to make Ibotta’s SDLC more secure.
- Define and document application security requirements, systems, and methodologies.
- Provide accurate & timely reporting on all project deliverables.
- Provide practical application security best-practice guidance to Ibotta, and help educate and train developers in secure coding best practices.
- Participate in 24/7 oncall rotation and incident response.
- Other duties as assigned.
What we are looking for:
- 2+ years’ Information Security Engineering experience, in a technical capacity.
- Self-starter, able to operate independently.
- Must have the ability to work effectively across the organization/collaborate effectively with both technical and non-technical team members, possess excellent oral & written communications skills, and demonstrate effective problem-solving skills.
- Familiarity with enterprise logging (splunk)
- Experience with Ruby and data wrangling languages such as SQL
- Experience with commercial offerings for application security testing and analysis (Qualys, Checkmarx, Burpsuite, etc.)
- Good understanding of RESTful APIs and microservices.
- Understanding of Continuous Integrations/Testing/Delivery.
- Working knowledge of web application testing tools.
- Working knowledge of application containers frameworks and technologies (Docker, Kubernetes, etc.).
- Knowledge of application-level attacks and mitigation methods, with a thorough understanding of OWASP top 10.
- Experience with PHP, Python and Ruby
- CEH, eCPPT, eWPT, GWAPT, OSCP, or equivalent experience.
Built in Denver, CO, Ibotta ("I bought a...") is a free mobile shopping app that gives users cash back on groceries and more. Through our partnerships with brands and retailers like Procter & Gamble, Kraft Heinz, Kellogg, Amazon, Walmart, Target and Uber, we’ve delivered over $800 million in cumulative cash rewards to our Savers. Guided by our values and our mission to make every purchase rewarding, we come to work energized by the business problems we get to solve, the technology we get to build, and the people we get to innovate (and have fun) with. Ibotta made Inc.’s 2020 list of the 5000 fastest-growing private companies in the U.S. for the third consecutive year. In 2019, we became the first mobile consumer technology company in Colorado to achieve $1B in valuation.
- This position is located in Denver, CO, or with the option of full-time remote, and includes competitive pay, flexible time off, benefits package (including medical, dental, vision), Lifestyle Spending Account, 401k match, profit sharing and equity.
- Base compensation range: $95,000 - $125,000. This compensation range is specific to the state of Colorado's local labor market and may vary for employees living in other areas.
- Ibotta is an Equal Opportunity Employer. Ibotta’s employment decisions are made without regard with race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected status
- Applicants must be currently authorized to work in the United States on a full-time basis.
- For the security of our employees and the business, all employees are responsible for the secure handling of data in accordance with our security policies, identifying and reporting phishing attempts, as well as reporting security incidents to the proper channels.