Senior AppSec Engineer
Job Summary
Ibotta is seeking a Senior AppSec Engineer to join our innovative team and contribute to our mission to Make Every Purchase Rewarding.
In this role, you will partner with our engineering, product, and data science teams to assess our code, sites and applications, prioritize risks for remediation, and integrate security into our SDLC. You will lead our third-party pen tests and will also lend a hand in day-to-day security operations.
This position is located in Denver, Colorado, or with the option of full-time remote. Candidates must live in the United States.
What you will be doing:
- Embrace and uphold Ibotta’s Core Values: Integrity, Boldness, Ownership, Teamwork, Transparency & Advocate for Savers
- Implement and operate DAST and SAST tools, identify false-positives, and suggest remediation paths for valid findings.
- Build collaborative relationships with developers, engineers and data scientists across the organization. Work with these stakeholders to conduct security reviews and manual/automated penetration tests of Ibotta’s products, source code, stored procedures, datastores, server/service configurations, and applications.
- Validate and respond to netizen, client, partner, and supplier reported application vulnerabilities. Prioritize true positives for remediation.
- Manage applicable supplier relationships (e.g., SAST and DAST providers).
- Analyze Ibotta’s architecture to identify weaknesses & develop opportunities for improvement.
- Evaluate, recommend, and implement security related software to make Ibotta’s SDLC more secure.
- Define and document application security requirements, systems, and methodologies.
- Provide accurate & timely reporting on all project deliverables.
- Provide practical application security best-practice guidance to Ibotta, and help educate and train developers in secure coding best practices.
- Participate in the 24/7 on-call rotation and incident response.
What we are looking for:
- 5+ years’ Information Security Engineering experience, in a technical capacity.
- Self-starter, able to operate independently.
- Must have the ability to work effectively and collaborate across the organization with both technical and non-technical team members, possess excellent oral and written communication skills, and demonstrate effective problem-solving skills.
- Familiarity with enterprise logging (Splunk).
- Experience with Python and data wrangling languages such as SQL.
- Experience with commercial offerings for application security testing and analysis (Qualys, Checkmarx, Burp Suite, etc.).
- Good understanding of RESTful APIs and microservices.
- Solid understanding of Continuous Integration/Testing/Delivery.
- Advanced knowledge of web application testing tools.
- Ability to write proof-of-concept exploits is required.
- Working knowledge of application container frameworks and technologies (Docker, Kubernetes, etc.).
- Experience with penetration testing web-based SaaS applications and systems operating out of Cloud infrastructure (AWS, Azure, etc.).
- Experience with penetration testing mobile apps and browser extensions/plugins.
- Knowledge of application-level attacks and mitigation methods, with a thorough understanding of OWASP top 10.
- Experience with PHP, Python, and Ruby.
- CEH, eCPPT, eWPT, GWAPT, OSCP, or equivalent experience.
About Us:
Built in Denver, CO, Ibotta ("I bought a...") is a free mobile shopping app that gives users cash back on groceries and more. Through our partnerships with brands and retailers like Procter & Gamble, Kraft Heinz, Kellogg, Amazon, Walmart, Target and Uber, we’ve delivered over $800 million in cumulative cash rewards to our Savers. Guided by our values and our mission to make every purchase rewarding, we come to work energized by the business problems we get to solve, the technology we get to build, and the people we get to innovate (and have fun) with. Ibotta made Inc.’s 2020 list of the 5000 fastest-growing private companies in the U.S. for the third consecutive year. In 2019, we became the first mobile consumer technology company in Colorado to achieve $1B in valuation.
Additional Details:
- This position is located in Denver, CO, or with the option of full-time remote, and includes competitive pay, flexible time off, benefits package (including medical, dental, vision), Lifestyle Spending Account, 401k match, profit sharing and equity.
- Base compensation range: $125,000 - $155,000. Total compensation for this role also includes a variable component in addition to base salary.
- Ibotta is an Equal Opportunity Employer. Ibotta’s employment decisions are made without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation, or any other legally protected status.
- Applicants must be currently authorized to work in the United States on a full-time basis.