Application Security Engineer

Headquarters: Leesburg, VA

PhishMe’s Engineering team is seeking an Application Security Engineer to assist the Development, Production Engineering, and Security Operations teams with application-level security assessment and threat mitigation.

The successful candidate must have professional work experience. This is a full-time position working for PhishMe, Inc. Outsourced or software development contractors will NOT be considered.


  • Review merge requests from Development and Production Engineering teams to proactively address security concerns before changes are merged to master
  • Validate and address findings from static analysis tools
  • Perform routine internal penetration testing
  • Develop and evangelize secure programming standards
  • Conduct periodic internal software security audits
  • Validate, address, and document responses to security findings from third-party penetration testing engagements
Successful applicants must be:
  • Passionate about application security
  • A self-starter who can identify work that needs to be done without waiting for direction
  • Able to work effectively and be pragmatic as part of a remote team in a dynamic business environment
  • Comfortable working independently but able to escalate problems when necessary
  • Able to demonstrate strong oral and written communication skills
  • Eager to learn; able to understand and apply new things relatively quickly
  • Willing to mentor and guide fellow team members kindly and constructively
  • Keen to share knowledge via documentation
  • Able to work eight solid hours per day, at least five of which overlap with 8am to 6pm Eastern
  • Available to work off-hours as necessary
  • Happy to travel occasionally for team meetings and events
Your experience should demonstrate that you:
  • Have extensive professional experience in information security, as a vulnerability researcher, QS engineer, or developer
  • Are able to read and write Ruby code
  • Can write PoC code and documentation that clearly demonstrate vulnerabilities
  • Are proficient with or able to quickly learn automation tools such as Selenium
  • Are able to find solutions to challenging technical puzzles with atypical constraints
  • Can effectively use git and understand common SCM workflows
  • Are able to write code that is intentional and readable rather than magically obscure
  • Enjoy tinkering
It would really be outstanding if you:
  • Have previous professional, full-stack app-sec experience
  • Can list and demonstrate examples of the OWASP Top 10; have experience playing with railsgoat
  • Have deep knowledge of the Ruby on Rails and Java Spring web frameworks
  • Are familiar with BDD
  • Have working knowledge of AWS or other cloud computing platforms
  • Have used static analysis tools such as Brakeman and Bundler-Audit
  • Have experience using CI environments (Jenkins/Docker)
  • Are familiar with proxies, firewalls, mail infrastructure, and other solutions commonly seen in large enterprises
  • Can comfortably use advanced git features such as rebase, rebase -i, merge --no-ff
  • Have attained a four-year degree in something (…anything)
  • Have customer support experience (retail, help desk, consulting, etc.)
  • Include a link to GitHub/GitLab/Bitbucket profile
  • Competitive salary and stock options
  • 401k with company match
  • Health, vision, dental, disability, life insurance
  • Telecommuting expense reimbursement
  • Leesburg, VA or US Telecommute


To apply for this position, please follow the link below:

