We are looking for a Senior Application Security Engineer to join our growing team! As a Senior Application Security Engineer, you will have the opportunity to take your penetration & overall application security testing to the next level! Our team performs everything from biometric & Web security testing to remediation, as well as creating automated security products, enabling stakeholders across CLEAR to deliver secure software.
What You Will Do:
- Partner with the companys Product, Software Engineering, DevOps, & IT teams.
- Perform security risk assessments, manual penetration security testing, automate security testing, threat modeling, & develop/conduct education on secure coding.
- Deliver security products & consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CLEARs next generation CI/CD pipelines.
- Lead internal & external penetration tests across CLEARs most critical assets, as well as triage issues with internal stakeholders for remediation.
- Develop functional & non-functional security requirements, including delivering secure applications & services, that strike a balance of product usability.
- Foster & enable a secure by default culture.
Who You Are:
- Minimum of 3 years of experience in software development & implementing security into SDLC processes.
- Minimum of 5 years experience. Minimum 2 years relevant architecture experience with expert level knowledge of application systems design & integration.
- Comprehensive knowledge, experience, & understanding of testing for the OWASP Top 10 or CWE Top 25, including PoCs, automating attacks, & secure code remediation.
- Excellent interpersonal communication skills. Can explain very technical topics to all audiences & break down vulnerabilities to both developers & leadership.
- Personal passion for security & cutting edge security concepts.
- Required Skills:
- Strong understanding of Software Security Architecture & Design, SDLC, CI/CD, & the ability to clearly articulate best practices for application security.
- Experience with evaluating, deploying, & managing application security tools (e.g. DAST, SAST, IAST, RASP, WAF) & building strong vendor relationships.
- Previous web application security testing or Incident Response (IR) experience, including presenting & documenting vulnerabilities, findings or incidents.
- Experience with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud).
- Ability to listen for nuances, dig into details in order to understand systems deeply, & articulate technical details & risks to business leaders.
- Familiarity with one or more industry standards & regulations such as PCI, NIST 800-53, FedRAMP & ISO27001.
- Desirable Skills:
- Experience using security testing tools such as Burp Suite, Metasploit, OWASP ZAP, nmap, Frida, etc.
- Participates in CTFs or actively contributes to the security community (e.g. exploitation development, maintaining/publishing security tools, blogging).
- Experience with mobile platform-specific security, privacy, & permission concepts for iOS & Android mobile platforms as well as mobile technologies such as WebViews, TouchID/FaceID API, etc.
- Bachelor's degree or higher in Security, Computer Science, Networking, or similar.
How You'll be Rewarded:
At CLEAR we help YOU move forward - because when youre at your best, were at our best. Youll work with talented team members who are motivated by our mission of making experiences safer & easier. Our hybrid work environment provides flexibility. In our offices, youll enjoy benefits like meals & snacks. We invest in your well-being & learning & development with our stipend & reimbursement programs.
We offer holistic total rewards, including comprehensive healthcare plans, family building benefits (fertility & adoption/surrogacy support), flexible time off, free OneMedical memberships for you & your dependents, & a 401(k) retirement plan with employer match. The base salary range for this role is $180,000-210,000, depending on levels of skills & experience.
The base salary range represents the low & high end of CLEARs salary range for this position. Salaries will vary depending on various factors which include, but are not limited to location, education, skills, experience & performance. The range listed is just one component of CLEARs total compensation package for employees & other rewards may include annual bonuses, commission, Restricted Stock Units
Have you ever had that green-light feeling? When you hit every green light & the day just feels like magic. CLEAR's mission is to create frictionless experiences where every day has that feeling. With more than 13+ million passionate members & hundreds of partners around the world, CLEARs identity platform is transforming the way people live, work, & travel. Whether its at the airport, stadium, or right on your phone, CLEAR connects you to the things that make you, you - unlocking easier, more secure, & more seamless experiences - making them all feel like magic.