Senior Application Security Engineer
Company Description
Optimizely is the world’s leader in Progressive Delivery and Experimentation. Its platform includes technologies for modern software development, such as feature flags, progressive rollouts, A/B testing at scale, AI-powered personalization, and real-time analytics. Millions of experiments and feature flags have been run on our platform to understand what works — and what doesn’t — eliminating guesswork. The world’s greatest companies choose Optimizely to power their product development and experimentation teams, including Visa, H&M, StubHub, IBM, Atlassian, BBC, and many more.
Job Description
Security is in the foundation of over 3000 customers’ trust in Optimizely. In this role, you will help drive our Application Security Program that enables security to be baked into all of our products and infrastructure built here at Optimizely. The responsibilities are a blend of Development, Security Engineering and a sprinkle of Project Management. This opportunity represents an ability for someone to have an impact across an entire engineering organization and to be instrumental in building a world-class security program.
- Help lead the application security program in Optimizely Engineering- ensure that security is baked in to everything we build at every step of the software development lifecycle
- Maintain our software security awareness program and ensure 100% of engineers stay informed annually of top security risks and best practices
- Create application security standards and guidelines for engineering
- Perform security reviews of technical design documents
- Evaluate new tools, processes, and frameworks; Drive adoption of the best ones
- Review and respond to new security threats
Qualifications
- Software engineering background at a SaaS company. You may not be coding often, but you will need to be comfortable reviewing and discussing code with software engineers
- Experience with security activities throughout the software development lifecycle- design reviews, threat modeling, code reviews, tooling, penetration testing. You will act as the Security Partner for one or more Engineering teams to facilitate these practices.
- Exceptionally clear communication skills- you'll need to communicate effectively and build relationships with all levels and roles at Optimizely
Required Experience
- Bachelor’s Degree in Computer Science or a related field
- Implementing software security programs like the Security Development Lifecycle at a SaaS company
- Must be proficient in at least one language such as Python, Java, or Golang
- An understanding of common application security problem spaces, and frameworks to mitigate or remediate
- Thorough knowledge of OWASP Top 10
Additional Information
At Optimizely, we embody inclusion and embrace diversity through our values and actions. It is core to Optimizely’s culture, as well as our success, that we are an equal opportunity employer who makes employment decisions on the basis of merit. We are looking to create a diverse and multifaceted team where everyone is welcome. As part of this mission, we prohibit discrimination in any form. Read more about our culture and check out our fantastic benefits at optimizely.com/careers/.
Psst... There’s no such thing as the perfect candidate! So don’t let imposter syndrome hold you back. Please apply if this is a role that would make you excited to come into work everyday - we look forward to receiving your application!
Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.