Application Security Engineer at Zwift
Seniority Level: Mid-Senior
Location: Long Beach, CA
About the role and about You:
The Zwift InfoSec Team is looking for an Application Security Engineer to help build and grow product security within service and engineering teams in order to address both deeply technical and programmatic security issues, as well as emerging new threats. This individual will lead application security assurance efforts, provide code reviews and tooling, and liaise with development and operations teams across the company to provide security awareness and consultation. The role requires partnering with key project stakeholders to define key security issues, as well as identify, prioritize, and categorize security remediation plans. Application security engineers oversee and influence cross-functional security diligence and integration teams to ensure all relevant security concepts are considered.
Successful Application Security Engineers at Zwift are self-starters, able to work autonomously, natural problem solvers, collaborative, and not fazed by adversity or ambiguity. You should have strong problem-solving skills, excellent communication skills, a deep technical understanding of modern cloud security threats, strong scripting and automation skills, and the desire to be an individual contributor to securing Zwift’s platform and system/services technology.
What you’ll do:
- Work with application development teams across Zwift to provide guidance on best practices for secure application development across a variety of languages and frameworks.
- Collaborate with application development teams to improve security test coverage and functional security testing.
- Triage incoming bug reports both from the information security team and the security research community and work to prioritize and remediate bugs with affected application and infrastructure teams.
- Advise and consult internal customers on risk assessment, incident triage, threat modeling, and security vulnerability mitigation.
- Mentor developers on evolving threats to their applications and help to ensure state-of-the-art secure development practices are being used.
- Perform code reviews of security critical code.
What we’re looking for:
- 2+ years of application security experience designing, building or testing web and API based architectures.
- Understanding of security vulnerabilities, attacker exploit techniques and methods for remediation of such.
- Excellent understanding/working knowledge of the public cloud infrastructure and services in AWS (IAM, KIAM, VPC, KMS, CloudWatch, Systems Manager, S3, RDS, Route53, Lambda, AWS Config, etc.)
- Excellent understanding of Docker and container orchestration with Kubernetes and experience running production Kubernetes clusters in Amazon EKS, Google GKE, or similar managed platform.
- Scripting skills (e.g., Python, Go, JS, C, C++, Java, Ruby, or PowerShell)
- Prior working experience in or with a Software Development Team.
- Experience creating or working with bug bounty programs.
- Identify opportunities for process improvement, including the development and implementation of internal security tools, tactics, and procedures.
- Perform both black box and white box security auditing of Zwift applications, networks, and infrastructure.
How to stand out among the rest:
Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.
Of course, we are nothing without our values. Our values ground us. They ensure we run and build a company where people love to work, feel like they are welcomed, included, and belong. Only then can they thrive and do their best work. The values we strive to live every day are:
- Make It Fun
- Elevate Teammates
- Cultivate Our Community
- Always Level Up
- One Zwift for All
We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing [email protected].
Zwift, Inc. is an Equal Opportunity Employer.