Senior Application Security Engineer
We are thrilled to announce Handshake’s $200M Series F funding round. At Handshake, we believe that a career opportunity shouldn’t be determined by who you know or what you’ve done. It’s about what you can - and will - do. Your future, not your past. Our Series F fundraise and new valuation of $3.5B will fuel our next phase of growth and propel our mission to help more people start, restart, and jumpstart their careers.
Handshake is the #1 place to launch a career with no connections, experience, or luck required. Handshake’s community includes 20 million students and young alumni around the world from 1,400 educational institutions, including four-year colleges, community colleges, boot camps, and 290+ minority-serving institutions. The platform connects up-and-coming talent with 650,000+ employers - from Fortune 500 companies like Google, Nike, and Target to thousands of public school districts, healthcare systems, nonprofits, and even sports teams like the LA Dodgers. Handshake is headquartered in San Francisco with offices in Denver, New York, and London and teammates working globally.
Everyone is welcome at Handshake. We know diverse teams build better products and we are committed to creating an inclusive culture built on a foundation of respect for all individuals. We strongly encourage candidates from non-traditional backgrounds, historically marginalized or underrepresented groups to apply.
If you are not sure that you’re 100% qualified, but up for the challenge – we want you to apply. We believe skills are transferable and passion for our mission goes a long way.
Your Impact:
Handshake is building a diverse team of dynamic engineers who value creating a high-quality, high-impact product. We are looking for a Senior Application Security Engineer who will be responsible for taking ownership of application security initiatives such as defining security requirements and policies, reviewing testing and deployment standards, and asset and vulnerability management. You'll be working with the Infrastructure team whose goal is to build a secure, reliable platform for our engineers.
Your Role:
- Build out the application security strategy within Handshake, laying the foundation for future-proofing the product. This will include bringing in new or enhancing existing processes (e.g. SDLC, SLAs) and tooling (e.g. SAST, DAST)
- Conduct penetration testing against native mobile applications and web services.
- Validate internal, external, and crowd-sourced application security findings and articulate them to Handshake engineering teams.
- Participate in documenting Handshake engineering architecture and performing threat modeling for white-box assessment activities.
- Think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
- Serve as a subject matter expert for secure coding practices, penetration testing, mobile platform security, and all aspects of application and product security.
- Perform any other application security or product security-related activities or tasks as needed.
- Partner with engineering and product leaders across the company to help them prioritize security issues in their products and balance business goals.
Your Experience:
- You prefer taking projects from inception to completion and are outcome-oriented.
- You act with empathy when partnering with fellow engineers and coworkers.
- You have experience working in distributed, performant, at-scale backend systems.
- You are able to think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
- You have 5+ years of experience with OWASP, static/dynamic analysis, and common security tools.
- You have a deep understanding of web application architecture.
- You have experience with application security tools (static code analysis, dynamic scanning, WAF, etc.).
- You have experience performing proactive research to detect new attack vectors.
- A pen-test certification such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN.
Technologies you'll work with:
- Kubernetes, Terraform, GCP, AWS
- PostgreSQL, Redis, Pub/Sub, Elasticsearch
- Ruby on Rails, Golang
For cash compensation, we set standard ranges for all roles based on function, level, and geographic location, benchmarked against similar stage growth companies. In order to be compliant with local legislation, as well as to provide greater transparency to candidates, we share salary ranges on all job postings regardless of desired hiring location. Final offer amounts are determined by multiple factors including geographic location as well as candidate experience and expertise, and may vary from the amounts listed above.
Benefits:At Handshake, we'll give you the tools to feel healthy, happy and secure.
- Stock: Ownership in a fast-growing company.
- Hub-Based Remote Work: Handshakers can enjoy the flexibility of remote work whilst ensuring in-person collaboration, and team experiences remain possible.
- Financial Management with Origin: We provide you with a professional financial planner via Origin to gain a better understanding of making the most of your compensation, equity, benefits, and perks.
- Paid Parental Leave: All new parents at Handshake (both birth and non-birth giving) are encouraged to take time to focus on their growing family and are eligible for paid family leave. US Handshakers are provided up to 16 weeks of paid family leave for birth-giving parents and 10 weeks for non-birth-giving parents.
- Mental Health Assistance: We are here to support you in every step of your mental health journey; our benefits include Employee Assistance Programs that offer counseling support for those eligible.
- Home Office Stipend: Handshake offers $500/£360 for you to spend on setting up a productive and comfortable workspace at home.
- Learning: Learning & Development opportunities and an annual $2,000/£1,500 stipend for you to grow your skills and career.
- Team Bonding: Regularly scheduled virtual company-wide and team events! Once it’s safe, we’ll provide meaningful connection points throughout the year for Handshakers to build community and meet teammates in person.
- Great team: Working with fun, hardworking, nice people who are committed to making a difference!
(US Handshakers)
- 401k: We care about your ability to save for your future. Launching Spring 2022, Handshake will offer a dollar-for-dollar match on 1% of deferred salary, up to a maximum of $1,200 per year.
- Healthcare: World-class medical, dental, and vision policies including LGTBQ+ Coverage.
- 2022 Time Off: All full-time US-based Handshakers are eligible for our flexible time off policy to get out and see the world. We also offer 8 standardized holidays, 2 additional days of flexible holiday time off, and 2 one-week periods of Collective Time Off (7/4-7/8/2022) and (12/26-12/30/2022).
(UK Handshakers)
- Pension: Handshake matches 3% of your salary towards your pension scheme.
- Healthcare: Handshake's comprehensive healthcare policy covers 100% of employee premiums & 100% of dependent premiums for medical, dental, and vision benefits.
- 2022 Time Off: Up to 25 days of vacation to encourage people to reset, recharge, and refresh, in addition to 8 bank holidays throughout the year.
Benefits above apply to employees in full-time positions.
Looking for more? Explore our comprehensive US benefits at joinhandshake.com/careers.
Interested in what Handshake’s San Francisco HQ is like when we’re together? Check out this video: