At Branch, were transforming how brands & users interact across digital platforms. Our mobile marketing & deep linking solutions are trusted to deliver seamless experiences that increase ROI, decrease wasted spend, & eliminate siloed attribution. Our team consists of smart, humble, & collaborative people who value ownership over all we do to create a product, team, & company that lives & breathes our motto: Build Together, Grow Together, Win Together.
We are looking for a Senior Product Security Engineer to join our fast growing team. The Security team keeps Branch safe with both preventive & offensive security measures. We also cover customer security requests (ie: sales enablement for sales deal closure) & customer security escalation. The ideal candidate has the skills of an application security engineer, with a background in development or engineering.
As a Senior Product Security Engineer, youll get to:
- Provide guidance & pragmatic solutions on application security design, including preventive & offensive security measures to cross-functional teams (engineering, product, customer success, sales & legal).
- Respond to various cyber security threats & vulnerabilities: triage, prioritize & remediate security vulnerabilities reported from SAST tools (e.g. Veracode), DAST tools (e.g. Qualys, AWS Security Hub), bug bounty program & external penetration tests.
- Conduct technical design reviews by identifying the security risks, relevant attack vectors & potential attack scenarios.
- Conduct technical code reviews for new product features by reviewing code & recommending design or code changes for security remediation.
- Conduct manual application penetration testing for new product features & network penetration testing for cloud infrastructure (aka RED team).
Youll be a good fit if you have:
- A Bachelors degree in Computer Science, a related technical field, or equivalent experience.
- 5+ years of professional experience in product security, including security issue remediation, security design review, code review, & vulnerability scanning (e.g. Veracode, Qualys).
- Experience conducting manual security penetration testing using tools such as Burp Suite.
- Experience working with engineers in product feature design reviews & code reviews.
- Strong communication skills & ability to prioritize competing issues.
- A willingness to collaborate & engage with different teams & the ability to dive into technical details.
Nice to Haves:
- Hands-on experience in DevSecOps areas such as security testing automation with CI/CD, security remediation using SAST/DAST tools or security tools automation using AWS Lambda Edge.
- A track record in contributing to open source software or security meetups.
- Security credentials such as AWS Security specialist, OSCP, CEH or CISSP.
A little bit about us:
- Branch has raised more than $330M from investors such as NEA, Founders Fund, & Playground Ventures.
- We are headquartered in Silicon Valley & have presence all over the world.
- Diversity at Branch ranks in the top 10% for similarly sized companies (by Comparably).
- We are ranked as the #3 fastest growing company in North America on Deloittes 2020 Technology Fast 500 list.
- In 2020, we were recognized as one of Forbes Best Startups, Great Places to Work, & Bay Area Best Places to Work. In 2021, we made Comparablys list of the top 50 best engineering teams.
- We have more than 3 billion monthly users & are partnered with over 75,000 apps.
If you think youd be a good fit for this role, wed love for you to apply! At Branch, we strive to create an inclusive culture that encourages people from different backgrounds & age groups to bring their unique, diverse perspectives to work. We aim every day to build an environment that empowers us all to do the best work of our lives, & we cant wait to show you what we have to offer!