Security Engineer, Application Security (Remote)

View All Jobs

Moving is one of the most universally relatable problems. Most of us have moved at least once and everyone thinks moving is painful. Updater is solving that pain at scale. We’re a well-funded and growth-focused company, with technology that touches nearly 50% of all household moves in the US annually, and we’re growing quickly. We’ve redefined an age-old industry and thousands of moving companies depend on our category-leading platform.

Your role is an Archimedes lever in our pursuit to deliver a product that is fast, scalable, stable, safe, and compliant. As an expert in security who comes from a developer background, you will be in the perfect position to support the software engineering teams (PODs) you are matrixed into. 

Software engineers have their responsibilities in our “shared security responsibilities” but your role is a unique bridge where you can help guide the security strategy based on what you are seeing to PODs you support need to be successful. Is time being spent on updating base images? Help design a process so all future deployments are patched by default. Are PODs dealing with the same class of vulnerability over and over? Help design and implement secure libraries and frameworks to address the root cause.  The role requires empathy, creativity, and an eye for systems thinking. Security is at the heart of what we are building at MoveHQ and we want every engineer to be set up for success, come explore the role and see if this is the right move for your career.  

About the Role

• Being a “go-to” resource for the security champion for each POD
• Participating in application architecture meetings 
• Perform security-focussed code reviews
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities
• Assist in the development of security processes and automated tooling that prevent classes of security issues (ie. Secrets in Code, Cross-Site Scripting, etc)
• Support our bug bounty program
• Coordinating penetration tests from our security partners
• Testing the efficacy of our security controls 

About You

• 5yrs of secure developer experience 
• Strong experience working closely with developers
• Familiarity and ability to explain common security flaws and ways to address them (e.g OWASP)
• Strong understanding and experience with common security libraries, security controls, and common security flaws
• Familiarity with some common security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools)
• Development or scripting experience and skills. Ruby, Ruby on Rails, JavaScript, and/or Go are preferred
• Bonus - You are an avid reader of https://betterappsec.com/ and/or https://tldrsec.com