Software Engineer, Application Security
At Gusto, we serve over 60,000 small business customers with our Payroll, Benefits, and HR software suite, which allows them to move faster and gives them peace of mind about back-office tasks in their business.
We’re looking for talented and motivated application security engineers with 7+ years of experience. As part of our AppSec team, you will build tools that will help our product engineers effortlessly write code that keeps our customers’ information secure. If you’re interested in building secure software with far-reaching effects in our modern economy, join us!
Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI). Our customers put a lot of trust in us to be good stewards of this information. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.
Here’s what you’ll do day-to-day:
- Work with our product engineers to keep our web applications secure.
- Develop easy-to-use tools and lightweight processes that will help our engineers seamlessly write secure code.
- Be involved early in the software development life cycle so that security is built into our architecture.
- Train engineering teams in secure coding best practices.
- Research the latest threats and exploits and help our engineers secure the product against those threats.
- Automate security checks, such as static code analysis and dynamic code analysis, and integrate them into CI/CD pipelines.
- Run internal red team exercises.
- Coordinate and manage third-party pen-testers and bug bounty programs.
- Ensure proper management, encryption, and separation of secrets and keys.
- Share our security learnings and best practices with the outside world, so we can make the world more secure.
Here’s what we’re looking for:
- 7+ years of experience in an application security role.
- Familiarity with cloud environments like AWS.
- Familiarity with dynamic languages and modern web development frameworks. We use Ruby, JavaScript, Rails, and React.
- A hands-on engineer who cares deeply about both the technological and social aspects of building a secure organization.
- Ability to partner well with cross-functional stakeholders.
- Always thinking about the attack vectors through which PII and PHI can be compromised.
- Relevant security certifications (OSCP, CEH, GPEN, CISSP, etc.) are a plus.
Learn more about the team:
- Our Engineering Culture and Values
- How We Built a Service-Driven Team
- Our Diversity Goals and Efforts
About Gusto
Our customers come from all walks of life and so do we. We hire people from a wide variety of backgrounds, not just because it’s the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.
Gusto’s mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 60,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company’s investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.