Application Security Engineer at A Cloud Guru
CHAMPION | MONITOR | MITIGATE
We're looking for an Application Security Engineer who can work collaboratively with Software Engineering teams to mitigate potential security threats and participate in building a culture of security in Engineering at ACG. You'll perform threat models and use AWS Security tooling in a SaaS product-led environment. This role will use knowledge and experience in vulnerabilities to level up how we build products, with security front of mind and bring consistency to how we go about it. If this sounds like you - please read on and apply below!Hello, we're A Cloud Guru
Our friends call us ACG.
A Cloud Guru was built by engineers for everyone, everywhere. Here, you’ll have the freedom to follow your curiosity. We’re not afraid to just try, because when you’re working with cutting edge technologies, experimentation and trying out new ideas have to be encouraged and celebrated. Our engineers are building the world’s largest (and most awesome) cloud learning platform. Why? Our mission is to teach the world to cloud. Our fun, practical courses have helped over 2 million people learn to cloud, and we’re just getting started.
There aren't many company cultures like A Cloud Guru's in the world. This year, we were awarded Best Company Culture and Best Companies for Diversity.What makes the Engineering team awesome...
We’re not a training company that just decided to sell training courses. We grew up out of the cloud ecosystem. We were a bunch of cloud engineers who pulled people together to create a training platform. That’s why we’re genuinely passionate about what we create. And we are known for practicing what we preach. We’ve built a product using cloud-first Serverless Architecture with tools like Lambda, API Gateway, GraphQL and ReactJS. All that aside, we're a friendly, down-to-earth, and collaborative group. There are no high-performing jerks and no heroes. Just great teams.
You'll do well at ACG if you're open to learning and trying new things, and you like to be surrounded by other friendly, passionate and driven people. –Natasja, Makeup Guru (and Software Developer)As an Application Security Engineer at ACG, you’ll get to:
- Facilitate efforts in Engineering Teams to perform and maintain threat models and provide coaching and guidance to Engineers
- Use knowledge of common risk of risks and vulnerabilities to guide Engineering teams in building products
- Use and maintain security tooling and processes, such as DAST / SAST tools and vulnerability reporting
- Deploy and automate AWS security features such as; IAM rules, AWS Config, roles etc.
- Confirm vulnerabilities in reports such as responsible disclosures
- Promote and champion a culture of Application Security among teams
- Facilitate and participate in incident response efforts
- Record and communicate vulnerability findings and keep records up to date
We focus on hiring values-aligned people, because we believe the right person can learn all the things to be successful in their role. Self-belief plays a big part in what you apply for. We encourage all job applicants to apply even if they are nervous to do so. Uni degrees aren't required for any roles, and career gaps or switches are totally welcome.
- 3+ years working in the Application Security Engineering field
- At least 1 year of experience in software engineering or scripting, using any language or framework
- Experience building threat models and risk assessments in an Agile Software delivery environment
- Experience communicating security threats and vulnerabilities to technical and non-technical stakeholders
- Demonstrated experience with at least one of the following AWS features; CLI, CloudFormation or Security Tooling
- Knowledge of the OWASP Top 10 security threats
- Knowledge or understanding of GDPR
We want the people who care about doing a good job. The ones who have the humility and hunger to learn. - Sam Kroonenburg, Co-Founder and CEOMore than a job
Where you work isn’t just a career decision — it’s a life decision. Everyone has family, friends and interests outside of their careers, so we offer perks and benefits to make work, work better for you.
- 5 weeks annual leave + sick time + holidays. Because even when your office is your living room, we all need time to unplug.
- Remotely awesome. Get $700 to level up your home office, monthly snack boxes, free Headspace access, weekly lunch funds, and $50 monthly for internet.
- Remote first environment. Feel connected to your coworkers with events inspired by our values, weekly virtual happy hours, and lunchtime trivia.
- $1,000 USD continuing education budget. All Gurus get $250 USD a quarter to spend on personal development.
- 2 hours each week reserved for learning. Every Friday for 2 hours, we put down our normal work and spend time learning something new.
- Get certified on us. A Cloud Guru will cover the cost of sitting all industry cloud certifications.
Applying for a job can feel intimidating and like a full-time job of its own. You shouldn’t have to burn through a week of sick time or all your best out-of-office excuses just to put feelers out for a new career opportunity. It’s our goal to provide you a fair, efficient interviewing experience that respects you and your time — and to do it all with a touch of delight.
Once you submit an application, we’ll review it. If you’re a good fit, you’ll have an initial chat with a recruiter over the phone. A phone interview with a manager typically follows. Depending on your role, you might then be asked to do a little homework (but nothing too time consuming). Then we’ll schedule a Zoom call to meet other members of the team, answer any questions you have, and give you a feel for what it’s really like to work at ACG. If you're on the fence, just give it a try.
Keep being awesome, cloud gurus!