Application Security Engineer

What you can expect to work on in this role

Application Security Engineering is instrumental to building customer trust in our services. We strive to enable teams to ship products securely and easily. You know that if you are seen as a blocker, you need to rethink the approach.

You will work across our engineering teams to ensure that we build secure products and features, and take a hand in building security tooling and features yourself. You are a culture builder and have not forgotten the people aspect of people, process, and technology.

Work with other engineering teams to

  • Guide security and privacy initiatives by participating in design reviews and threat modeling
  • Evangelize secure coding practices across all engineering teams
  • Integrate security into development and continuous delivery systems
  • Use attack driven techniques to defend our applications and systems and discover new vulnerabilities across our web and mobile application portfolio
  • Develop new automation and tooling to improve attack and fraud prevention
  • Develop innovative methods to secure customer information, transactions, and investments
  • Manage relationships and engagement with external security researchers
  • Perform cutting-edge applied research on new attacks and present new findings to both internal and external audiences

You’ll answer questions like

  • How do you motivate engineers adopt secure patterns not only for security’s sake, but because it helps them build faster?
  • What indicators can help determine whether users who successfully authenticate to our services are who they claim to be?
  • How do we evolve the continuous delivery pipeline to include security testing as part of quality assurance?
  • How do you detect attacks against your applications before they turn into successful exploitation?
  • What can we improve to ensure a delightful product experience while protecting the assets of the fastest growing automated investment advisor?

You'll be effective if you

  • Have deep technical knowledge of security engineering, authentication and security protocols, and applied cryptography
  • Have strong experience in securing RoR, Java, iOS and Android applications
  • Are familiarity with security tools such as static analysis, runtime analysis, black-box testing
  • Are proficient in at least one programming language
  • Understand the people aspects of security and enjoy collaborating with others to build secure things
  • Make contributions to the security community such as research, public CVEs, bug-bounty recognitions, open-source projects, and blogs or publications
  • Believe continuous delivery is a net gain for security
  • Want to build things as much as you want to break things
  • Thrive in a startup environment

Tools in your belt

Open source and commercial static analysis tools, web application vulnerability scanners, manual testing methods, Ruby, Java, Objective-C, AWS, and a solid ability to think like an attacker.

At Betterment, you’re going to…

  • Build secure things and break the unbreakable
  • Automate and scale security
  • Measure progress in our secure product development process

Come join us

Back to top