Listing Description
Do you want to secure products that connect thousands of diners to restaurants every day? Do you love researching attack vectors in well formatted, unit-tested, and documented code written in Python and JavaScript? Can you balance security, product advancement, and maintainability to help us continue to ship secure web applications?
If all() of your answers to the above == True, keep reading; this might be the secure application environment you’ve been looking to protect and defend.
ChowNow is looking for a motivated and experienced Senior Application Security Engineer to join our team in our mission to develop efficient and developer focused security solutions. We are dedicated to identifying ways to increase developer velocity while ensuring security is baked into the SDLC. Our team is also focused on being a trusted partner to the engineering team by building strong relationships with developer squads and being viewed as enablers rather than blockers.
About Us:
ChowNow’s vision is to become the leading North American platform connecting diners and independent restaurants for at-home dining. The ChowNow Platform continues to grow its product offerings and bring restaurants and diners closer together. Our marketplace provides commission-free ordering for restaurants nationwide and diners with an ever-growing selection of independent restaurants. Our demand network provides diners with the ability to order where they’re already online, including Google, Yelp, Instagram, Snap, and many others. And our white-labeled online ordering system provides restaurants with a branded experience for diners on their website and their own iOS and Android apps for a reasonable monthly fee regardless of order volume. To date, we’ve created over 20,000 apps for our restaurant partners – something that’s never been done before in our category. We operate this way because of our belief in being fair, sustainable, and equitable with our restaurant partners and the same goes for our culture.
Diversity, teamwork, and mutual respect are among our core company values. We pride ourselves on giving our teams plenty of opportunities to make their mark. As we expand to new markets, while scaling responsibly, those opportunities to create, build, and grow will only increase.
Join us and help ensure ChowNow becomes the diner’s first choice for socially responsible online ordering. Together we can preserve neighborhood flavor, one restaurant at a time.
Our Product and Technology
Our backend applications are written in Python 3. The RESTful APIs we develop enable several client-facing platforms, ranging from our website products built with React & Redux to our native mobile applications. Depending on our use case, we store data in MySQL, Elasticsearch or Redis.
Our infrastructure-as-code platform is hosted by Amazon Web Services, developed and orchestrated using Ansible and Terraform. We automate as much as we can, utilizing Jenkins for deployments.
About the Position
ChowNow’s Engineering Team has built a reliable, stable, and modern platform enabling restaurant owners to accept pickup and delivery orders online. Our “quality product first” approach to engineering drives the team to succeed and has contributed to the success and growth of the company. We are looking for similarly minded engineers who care deeply about the product, the customers, the team members, and the codebase itself. As Senior Application Security Engineer, you will work closely with the Security and Engineering teams to develop secure solutions to interesting technical problems, explore exciting growth opportunities and ensure the security of our product.
WHAT WE LOVE ABOUT YOU:
You put restaurants first. You deeply understand the importance of local restaurants and put them at the center of everything you do. You aim to help them not only survive but thrive.
You celebrate diversity. You recognize that diversity and inclusivity matter. You’re committed to progress, which means everyone gets the support and resources they need, no matter who they are. You have an ability to listen to other team members' ideas and can thrive in an environment that embraces individuality. Everyone’s voice counts.
You raise your hand. You consistently go above and beyond what is asked of you. You help your peers accomplish their tasks while also excelling at accomplishing your own. When you have a smart idea, you raise your hand and share it.
You keep reaching. You set clear ambitious goals. You don’t allow yourself to become complacent with where you’re at and what you’ve done, so you seek out new opportunities and challenges.
In this role, you will:
- Play an active role in reviewing design and architecture changes to our platform by providing workable security solutions to engineering problems.
- Aid in the development of security automation and tool integrations.
- Research the latest security threats and how they may impact the ChowNow environment.
- Write custom scanner rules to identify security vulnerabilities most relevant to our applications.
- Consistently partner with engineering squads to understand the evolving platform and provide early, consistent, and useful security feedback.
- Review security relevant code and provide suggested fixes.
- Think strategically and systemically about security issues and vulnerabilities in order to ensure we are focused on central solutions instead of one-off fixes.
- Play an active role in guiding and implementing the Application Security roadmap.
- Conduct in-depth pentests of various application platforms such as python APIs and/or mobile applications.
- Focus on iterative improvement of security issues as well as Application Security team processes.
- Integrate SAST tools into the code review process and work with developers to create and curate rules that provide meaningful feedback.
- Conduct penetration tests for a variety of application architectures and frameworks.
- Take an active role in training developers in security focused development such as running a threat modeling or secure code workshop.
- Help solve complex authentication and authorization problems within a growing, cloud-based, micro-service architecture.
Within 1 month, you'll...
- Learn our business model and how it translates to platform architecture and features, and begin to find a balance between theoretical risk and development velocity.
- Understand the overall architecture of the ChowNow platform.
- Work on starter projects to get you familiar with the environment and get some quick wins.
- Meet and learn from relevant stakeholders to begin building partnerships and understanding current pain points.
Within 3 months, you'll...
- Begin integrating with assigned engineering squads by joining planning meetings, conducting security reviews of designs and code, as well as performing penetration tests where needed.
- Feel confident in all Application Security related operational work and feel empowered to push back where necessary.
- Understand major feature areas of our applications and be comfortable navigating the stack and infrastructure while being aware of potential exploit vectors.
Within 6 months, you'll...
- Feel comfortable as a knowledge leader of security of the ChowNow platform, contributing best practices and continuing to learn in the field. We want to learn as much as we teach.
- Begin leading larger scope projects and owning aspects of the Application Security roadmap.
- Have made a valued impact on multiple products across our platform by penetration testing and threat modeling our internal and external applications.
- Identify opportunities for increased security automation and developer autonomy throughout the SDLC lifecycle such as integrating custom SAST rules to identify unique threats or developing training to enable the engineering workforce to be more proficient in security needs.
You should apply if:
- You are comfortable in aiding developers in solving complex security problems such as designing microservice authentication architecture. You confidently read code and are able to identify key areas of security concern within a codebase. You are comfortable with various Application Security related tools such as Burp Suite, SAST scanners (semgrep, checkmarx, etc), SCA scanners, and more.
- You thrive in environments supporting your growth, and where you can support others.
- You like collaborating with multiple stakeholders to achieve a secure application and organizational posture.
- You are able to effectively communicate with developers by avoiding unnecessary security jargon. You focus on technical specifics of a problem and the real world risks associated.
- You are comfortable in ranking risk and making tough decisions on what to prioritize and when.
- You have experience building SaaS products, e-commerce or similar online platforms and testing or hardening security of those systems.
- You are excited about new technologies, and enjoy being on the cutting edge of offensive and defensive security research.
- You constantly work to get better at your craft and keep up with new developments and attack vectors.
- You are familiar with regulatory requirement frameworks such as PCI DSS.
- You make decisions based on data and evidence while considering the impact these decisions have on the business and the engineering squads you partner with.
- You enjoy an iterative, agile development process with frequent releases.
- You can demonstrate experience writing well documented POCs and summaries to communicate your findings.
About Our Benefits:
- Competitive Salary
- Ongoing training and growth opportunities.
- A "Best Place to Work" winner multiple times where we focus on creating a great employee experience.
- A remote first culture and monthly stipend offering flexibility to work where you want and how you want.
- Rock solid medical, dental, and vision plans.
- Mental Health Coverage - we offer several programs to support your mental health and wellness goals.
- 3 weeks paid vacation; paid holidays; we expect you to work hard, but still enjoy your personal life
- 7 weeks of baby bonding time for all new parents (within the first year of birth or adoption), 8 Weeks of Paid Pregnancy Leave.
- 401(k) Matching
- Employer-contributing student loan assistance program.
- Commuter benefits (including Uber Pool).
- Employee Stock Incentive Plan.
- Pet insurance for your fur babies
- Quarterly Industry Speakers Series.
- Quarterly Tech Events (Women, LGBTQ, Diversity, Inclusion).
- Consistent & fair leadership: we’ll share info, set clear goals, show you respect, and treat everyone fairly.
- Enough freedom to spread your wings while still holding you accountable.
- Fully stocked kitchen and cold brew on tap.
ChowNow takes the health and safety of our team seriously and requires all employees to be fully vaccinated for COVID-19 prior to starting work. We strongly believe that this is the best way to protect our employees, families, clients, and communities. All requests for accommodations will be considered.
As one of ChowNow’s core values, “Celebrates Diversity”, we are committed to an inclusive and diverse work environment. ChowNow is an equal opportunity employer. We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.
Read here about your California privacy rights.
Listing Details
- Citizenship: Not Provided
- Incentives: Not Provided
- Education: Not Provided
- Travel: Not Provided
- Telework: Not Provided