CLEAR's mission is to strengthen security & create frictionless experiences for consumers. We believe you are you & by using your biometrics - your fingerprints, eyes, & face - we keep you moving. Imagine a world where you can do virtually everything you need to breeze through the airport, buy a beer at the game, check in at the doctor's office, access your office building, & more without ever pulling out your wallet or phone. Now in 60+ airports & other venues nationwide, you are your ID, credit card, ticket, reservation & more with CLEAR.
We're defining & leading an entirely new industry, obsessing over our customers, & investing in great people to lead the way. Recently named on CNBC's Disruptor 50 List & winner of the SXSW Interactive Innovation Award, we're working tirelessly to create frictionless customer experiences for our 4+ million members across the country.
We are looking for an Application Security Engineer to join our growing team! As an Application Security Engineer, you will have the opportunity to take your penetration & overall application security testing to the next level! Our team performs everything from biometric & Web security testing to remediation, as well as creating automated security products, enabling stakeholders across CLEAR to deliver secure software.
What You Will Do:
- Partner with teams & deliver security risk assessments, manual penetration security testing, automated security testing, threat modeling, & education on secure coding.
- Deliver security products & consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CLEAR's next generation CI/CD pipelines.
- Lead internal & external penetration tests across CLEAR's most critical assets, as well as triage issues with internal stakeholders for remediation.
- Create functional & non-functional security requirements, including delivering secure cloud services, that strike a balance with product usability.
Who You Are:
- 2+ years of experience in software development & implementing security into SDLC processes.
- 2+ years of experience (in excess of degree requirements). Minimum 2 years of relevant architecture experience with expert level knowledge of application systems design & integration.
- Comprehensive knowledge, experience, & understanding of testing for the OWASP Top 10, WASC TCv2, & CWE 25, including PoCs, automating attacks, & secure code remediation.
- Excellent interpersonal communication skills, breaking down vulnerabilities to both developers & leadership.
- Personal passion for security & cutting edge security concepts.
- Strong understanding of Software Security Architecture & Design, SDLC, CI/CD, & the ability to clearly articulate best practices for application security.
- Evaluate, deploy, & manage application security tools (e.g. DAST, SAST, IAST, RASP, WAF) & build strong vendor relationships.
- Experience or knowledge with a cloud provider(s) (Amazon Web Services, Microsoft Azure, or Google Cloud).
- Previous application security testing or Incident Response (IR) experience, including presenting & documenting vulnerabilities, findings or incidents.
- Ability to listen for nuances, dig into details in order to understand systems deeply, & articulate technical details & risks to business leaders.
- Familiarity with one or more industry standards & regulations such as PCI, NIST 800-53, FedRAMP & ISO27001.
- Strong programming & scripting experience in C#, C++, Java, Python, BASH, Go, or something similar.
- Participates in CTFs or actively contributes to the security community through exploitation development.
- Bachelor's degree or higher in Computer Science.