Hippo is modernizing home insurance by putting customers at the center of everything we do. Using innovative technology & a data-driven approach, we strive to provide homeowners with the best policies, best value, & best customer service in the industry. And as if that isn't enough, it's really just the beginning. Hippo's true ambition lies in helping prevent people from experiencing problems with their homes to begin with. Because, at the end of the day, the best home insurance policy is the one you never have to use.
About you: To support our continuous growth, we are looking for an experienced Application Security Engineer to identify application security gaps & own projects to address them. The ideal candidate brings demonstrated experience in secure application development & an understanding of cloud environments & their inherent infosec challenges.
What You'll do:
- Participate in & support application security reviews & threat modeling, including code review & dynamic testing.
- Design & execute penetration tests against our products & infrastructure.
- Perform deep architecture & security reviews on complex cloud SaaS solutions & software.
- Identify & map attack surfaces, assess threats, & prioritize issues across the infrastructure & applications.
- Develop mitigation strategies & solutions to gaps that are identified.
- Provide subject matter expertise on creating resilience within our products & infrastructure to combat current operational & cyber risks & attack techniques.
- Work with developers, project managers, cloud architects, & other stakeholders to help ensure security principles are being incorporated into the engineering design & deployments.
- Help drive the continued adoption of Secure Software Development Lifecycle across Hippo.
- Build tools to automate & integrate application security testing & compliance.
- Own code-related Infosec programs, such as our Bug Bounty Program, Code Scanners & Developer Education.
- Familiarity with common security libraries, security controls, & common security flaws.
- Deep understanding of modern security defenses for single page applications.
- Proficiency in writing glue scripts in the language of your choice.
- Proven expertise in detection, exploitation, & mitigation of common web application security vulnerabilities.
- Strong knowledge & experience with securing publicly-facing API endpoints & gateways.
- Experience performing penetration testing of web applications, code scanning & secure code reviews.
- Solid knowledge of at least one modern cloud environment (e.g., AWS, Azure, GCP).
- In-depth knowledge of web security standards & best practices (e.g., OWASP Top 10) and authentication infrastructure (SAML, OAuth, JWT, Auth0).
- Ability to lead & manage projects with multiple security initiatives.
- Robust problem-solving & excellent troubleshooting skills.
- Understanding of network & web related protocols (such as TCP/IP, UDP, IPSEC, HTTP, HTTPS).
- Familiarity with cloud security controls & best practices.
Nice to Haves:
- Industry certification: Certified Ethical Hacker, OSCP, OSEP, GPEN
- Startup experience