Who We Are:
At SpotHero, we work as a team to empower people to get everywhere, easier! We’re rapidly growing with the mission of bringing the parking industry into the future through technology. Drivers across the nation use the SpotHero mobile app or website to reserve convenient, affordable parking in advance, on-the-go or through their connected cars, and parking companies rely on us to help them reach new customers while optimizing their business. We connect the dots with cutting-edge technology, delivering value to both sides of this exciting, evolving marketplace.
Senior Application Security Engineer @ SpotHero:
The Senior Application Security Engineer will be helping to build the Application Security function at SpotHero. They will work closely with development teams, engineering and product managers and third-party groups (including the paid bug bounty program and security auditors) to identify and remediate security vulnerabilities in SpotHero’s products and practices. You like digging deep in infrastructure and code to find and fix the root cause of security vulnerabilities. You enjoy working with engineers of all disciplines and technology stacks both to achieve your goals and to educate others. You’ll be contributing to projects that are highly visible to our executive team.
Key Responsibilities (What will you do?)
- Support and consult with product and development teams around secure development of applications and features.
- Research, verify, and assist in remediating reported security vulnerabilities.
- Perform threat modeling and security-focused code reviews.
- Deploy and maintain code scanning tools used for testing code for applications and infrastructure.
- Lead security champions program and educate software developers on common vulnerabilities and measures they can take to prevent them in their applications.
- Assist in responding to security incidents.
Systems/Tools: SpotHero uses a broad range of systems and tools but you do not need to be an expert in all of them.
- IDEs, debuggers, open-source tools, Burp Suite
- Static and dynamic analysis tools such as Snyk or Semgrep
- Python/Django, Go, and/or Kotlin
- Amazon Web Services (AWS)
- Kubernetes, SumoLogic, Terraform
- Confluence, Jira, Google GSuite
- Knowledgeable in web/backend application security, with some understanding of mobile.
- Ability to manage and prioritize projects and drive them to completion.
- Proficient in developing and debugging in at least one programming language (Python, Go, Kotlin, etc).
- Experience performing threat modeling or performing web/mobile application penetration testing.
- Experience communicating with and educating engineering teams on security vulnerabilities.
- Familiarity in setting up and using static and dynamic code analysis, container auditing tools, or other tools incorporated in the software development lifecycle.
- Familiarity with cloud security controls and best practices. Experience with Amazon Web Services (AWS) is preferred but not required.
- Nice to have: OSCP, Certified Secure Software Lifecycle Professional (CSSLP), and/or equivalent certifications.
- Give Drivers the Right of Way
- Open-minded - Willing to consider new ideas.
- Pragmatic - You evaluate delivering risky software today against possible user impact.
- Unix Philosophy - Your software is easily understood, and complexity is documented and explained.
- Drive Growth
- Technical Capability - Ability to identify how systems and technology can improve ways of working.
- Action-Oriented - Maintains a sense of urgency to complete a task and seeks information rather than waiting for it.
- Operations/Process-Minded - Focuses on the tasks that are completed day-to-day to ensure strategic goals are able to be achieved in the most efficient and scalable way possible.
- Leadership - Leads by example; motivates through actions and inspires others to do more.
- Mentorship - Provides guidance and helps transfer knowledge to less experienced teammates.
- Fuel Relationships
- Collaboration - Process of working with multiple individuals to complete a task or achieve a goal.
- Don’t Get Stuck in Traffic
- Problem-Solve - Assesses situations quickly and provides creative solutions for resolution.
- Resilience/Resourceful - The capacity to recover quickly from difficulties.
- Uphold Company Values - Actions are tied to company values to ensure focus on goals and objectives.
- Remember to Signal
- Communication - Communicates effectively and efficiently both verbally and in writing.
- Efficient - You know the difference between 'news' and 'noise' and broadcast updates accordingly.
- Effective - You are often good at explaining the why.
- Proactive - You actively seek feedback on your work, design docs, etc.
- Respect Fellow Drivers
- Empathy - Shows care and concern for another's situation.
- Influence Without Authority - Ability to get others to willingly cooperate and engage, rather than following directives because you're in a position of authority.
- Enjoy the Ride
- Positive Outlook - Generates excitement, enthusiasm and commitment by identifying how work performed supports SpotHero’s values.
- Intellectual Drive - Fosters an environment where creative thinking is embraced and encouraged.
What we are offering:
- Career game changer – A truly unique experience to work for a fast-growing startup in a role with unlimited potential for growth.
- Excellent benefits –
- In the US we cover up to 90% of Medical Premiums, 50% of Dental & Vision Premiums, company-sponsored Life Insurance, 401K, and generous parental leave.
- In Canada, we offer Medical (prescription drug and paramedical coverage), Dental, Vision, Life Insurance, STD, and LTD.
- Flexible PTO policy and great work/life balance – We value and support each individual team member.
- Learning Budget + Udemy license - We support the professional and personal growth of our people by providing everyone with learning resources and development opportunities.
- Annual parking stipend – we help people park!
- The opportunity to collaborate with fun, innovative, and passionate people in a casual, yet highly productive atmosphere.
- A workplace recognized as a CityLights award winner by 1871, a 2024 Best Places To Work by BuiltIn, and a recipient of the Best Company Culture, Best Company for Women, and Best Company for Diversity awards from Comparably!
Steps to apply: Please include any GitHub account, LinkedIn profile, and any project that you’re particularly proud of. We love seeing work that others loved working on.
At SpotHero, we Respect Fellow Drivers by providing an inclusive interview experience for everyone, including people with disabilities. We are happy to provide reasonable accommodations to candidates in need of individualized support during the hiring process. Please let our team know of your need when you apply or as you begin interviewing with our team.
SpotHero is an equal opportunity employer. We know that a diverse workforce is the strongest workforce, and are committed to building and supporting an inclusive environment for all.
PLEASE NOTE: This position is ineligible for visa sponsorship. To be considered for this role, you must be legally authorized to work in the US or Canada and not require sponsorship for employment now or in the future.