CLEAR // biometric identity platform
Engineering, Full Time    New York City, United States    Posted: Thursday, May 02, 2019

CLEAR transforms what is uniquely you (your fingerprints, your face, your eyes) into a secure, biometric key to frictionless experiences. We are creating a world where travel is effortless, where accessing your office building is as simple as walking in, & where shopping is as easy as walking in & out of a store, without ever once showing an ID or credit card. CLEAR currently powers secure, frictionless customer experiences in nearly 40 U.S. airports & venues. With over 3 million members so far, CLEAR is the identity platform of the future, today.

We're looking for an outstanding & passionate Senior Application Security Engineer. In this role, your primary focus will be ensuring, enforcing, & maintaining our high standards of security, specifically with regard to member data.

This role is hands-on & technical while requiring a heads-up nature to identify gaps & drive the creative application of state-of-the-art security practices & controls. CLEAR is a fast & nimble company, so the ideal candidate will be able to leverage automation & data analysis to embed continuous security practices into our development & operational workflows. The application security program must be designed to ensure that any software developed or acquired meets these stringent standards while enabling rapid innovation to meet ever-changing needs. Successful candidates will be security evangelists who can translate security concepts into language that is meaningful to many audiences, including business & technical leaders.

What you will do:

  • Work with Software Engineering & DevOps leaders to build CLEAR's next-generation build & deploy (CI/CD) system. Define technical requirements, deploy & manage tooling, & build processes to handle application security issues before they are released.
  • Partner with the company's Software Engineering, DevOps, & IT teams to ensure all new & existing software has been fully vetted & remains secure. Perform code review, security risk assessments, manual security testing, automated security testing, & threat modeling, & educate developers on security best practices for security issues.
  • Lead internal & external penetration tests of CLEAR's most critical assets, as well as triage issues with internal stakeholders for remediation.
  • Establish security standards & specifications to balance the needs of a more secure product offering with the needs of the business. Ensure all internet facing, backend services, data stores, & supporting infrastructure are built & maintained with security in mind.

Who you are:

  • 5-8 years of experience in software development & implementing security into organization-wide SDLC processes.
  • Minimum of 8 years' experience (in excess of degree requirements). Minimum 2 years' relevant architecture experience with expert-level knowledge of application systems design & integration.
  • Has excellent interpersonal communication skills & can take very technical issues & make them understandable to all audiences.
  • Personal passion for security & cutting edge security concepts.

Required Skills:

  • Strong understanding of Software Security Architecture & Design, SDLC, CI/CD, & the ability to clearly articulate best practices for application security.
  • Experience writing & pentesting web applications & web services.
  • Proficient in reading many different programming languages.
  • Experience writing in one or more of the following programming languages: C/C++, Java, Ruby, Python, & JavaScript.
  • Able to evaluate, deploy, & manage application security tools (e.g. DAST, SAST, RASP, WAF) & build strong vendor relationships.
  • Experience with a public cloud based provider (Amazon Web Services, Microsoft Azure, or Google Cloud Compute)
  • Demonstrable knowledge of TCP/IP, HTTP, RESTful APIs, application security, & experience supporting service-oriented, asynchronous, & distributed application architectures.
  • Previous experience on a Security team, coordinating responses to security incidents and/or writing & presenting application security assessment reports.
  • Knowledge of containers & scheduling frameworks (e.g. Kubernetes, Docker Swarm, DCOS, ECS).
  • Experience integrating security practices into continuous integration tools & pipelines.
  • Well-rounded background in host, network, & application security including knowledge of internet security issues & threat landscape
  • Candidates must be able to explain all vulnerabilities & weaknesses in the OWASP Top 10, WASC TCv2, & CWE 25 to any audience, & discuss effective defensive techniques.
  • Ability to listen for nuances, dig into details in order to understand systems deeply, & articulate technical details & risks to business leaders.
  • Familiarity with one or more industry standards & regulations such as PCI, NIST 800-53, FedRAMP & ISO27001.

Desirable Skills:

  • Strong programming & scripting experience in C#, C++, Java, Python, BASH, Go, or something similar.
  • Participates in CTFs or actively contributes to the security community through exploitation development.
  • Bachelor's degree or higher in Computer Science.