The Application Security Engineer role
CHAMPION | MONITOR | MITIGATE
We're looking for an Application Security Engineer who can work collaboratively with Software Engineering teams to mitigate potential security threats and participate in building a culture of security in Engineering at ACG. You'll perform threat models and use AWS Security tooling in a SaaS product-led environment. This role will use knowledge and experience in vulnerabilities to level up how we build products, with security front of mind and bring consistency to how we go about it. If this sounds like you - please read on and apply below!
Hello, we're A Cloud Guru
Our friends call us ACG.
A Cloud Guru was built by engineers for everyone, everywhere. Here, you’ll have the freedom to follow your curiosity. We’re not afraid to just try, because when you’re working with cutting edge technologies, experimentation and trying out new ideas have to be encouraged and celebrated. Our engineers are building the world’s largest (and most awesome) cloud learning platform. Why? Our mission is to teach the world to cloud. Our fun, practical courses have helped over 1.5 million people learn to cloud, and we’re just getting started.
We’re not a training company that just decided to sell training courses. We grew up out of the cloud ecosystem. We were a bunch of cloud engineers who pulled people together to create a training platform. That’s why we’re genuinely passionate about what we create. And we are known for practicing what we preach.
What makes the Product & Engineering team awesome...
Learning to cloud means unlocking a world of possibilities for our students. Using the latest tech, we design the tools to teach people cloud faster and better. The team is talented (and a little quirky), and we’re all in it together.
- Cutting-edge tech We’ve built a product using cloud-first Serverless Architecture with tools like Lambda, API Gateway, GraphQL and ReactJS.
- Founded by engineers Having a CEO who’s also an engineer is nice — he knows the effort it takes to make things awesome.
- We don’t bite We’re friendly, down-to-earth, and collaborative. There are no high-performing jerks and no heroes. Just great teams.
- Hungry and humble We’re dedicated to learning all the things to create the best product possible.
Working here, everyone is so humble. I haven't seen an ego yet, and it’s very refreshing. It allows me to let the real quirky, sometimes funny, sometimes silly side of me come out and shine. –Kesha, A.I. Music Guru (and Technical Instructor)
As an Application Security Engineer at ACG, you’ll get to:
- Facilitate efforts in Engineering Teams to perform and maintain threat models and provide coaching and guidance to Engineers
- Use knowledge of common risk of risks and vulnerabilities to guide Engineering teams in building products
- Use and maintain security tooling and processes, such as DAST / SAST tools and vulnerability reporting
- Deploy and automate AWS security features such as; IAM rules, AWS Config, roles etc.
- Confirm vulnerabilities in reports such as responsible disclosures
- Promote and champion a culture of Application Security among teams
- Facilitate and participate in incident response efforts
- Record and communicate vulnerability findings and keep records up to date
What you bring to the table
We focus on hiring values-aligned people, because we believe the right person can learn all the things to be successful in their role. Self-belief plays a big part in what you apply for. We encourage all job applicants to apply even if they are nervous to do so. Uni degrees aren't required for any roles, and career gaps or switches are totally welcome.
- 3+ years working in the Application Security Engineering field
- At least 1 year of experience in software engineering or scripting, using any language or framework
- Experience building threat models and risk assessments in an Agile Software delivery environment
- Experience communicating security threats and vulnerabilities to technical and non-technical stakeholders
- Demonstrated experience with at least one of the following AWS features; CLI, CloudFormation or Security Tooling
- Knowledge of the OWASP Top 10 security threats
- Knowledge or understanding of GDPR
We want the people who care about doing a good job. The ones who have the humility and hunger to learn. - Sam Kroonenburg, Co-Founder and CEO
More than a job
Where you work isn’t just a career decision — it’s a life decision. We get it. That’s why we want all of our Gurus to feel a sense of belonging that comes from feeling supported in all areas of their lives. Everyone has family, friends and interests outside of their careers, so we offer perks and benefits to make work, work better for you.
- 5 weeks annual leave, plus 10 sick days, and holidays. Because even when your office is your living room, we all need time to unplug.
- Remotely awesome. Get $700 to level up your home office, monthly snack boxes, free Headspace access, weekly lunch funds, and $50 monthly for internet.
- Human connection. Get to know the Gurus with good times and get-togethers inspired by our values, virtual happy hours, lunchtime trivia, or socially distanced fun events.
- $1,000USD continuing education budget. All Gurus get $250USD a quarter to spend on personal development.
- 2 hours each week reserved for learning. Every Friday for 2 hours, we put down our normal work and spend time learning something new
- Get certified on us. A Cloud Guru will cover the cost of sitting all industry cloud certifications.
What’s the interview process like at ACG?
Applying for a job can feel intimidating and like a full-time job of its own. You shouldn’t have to burn through a week of sick time or all your best out-of-office excuses just to put feelers out for a new career opportunity. It’s our goal to provide you a fair, efficient interviewing experience that respects you and your time — and to do it all with a touch of delight.
Once you submit an application, we’ll review it. If you’re a good fit, you’ll have an initial chat with a recruiter over the phone. A phone interview with a manager typically follows. Depending on your role, you might then be asked to do a little homework (but nothing too time consuming). Then we’ll schedule a Zoom call to meet other members of the team, answer any questions you have, and give you a feel for what it’s really like to work at ACG. If you're on the fence, just give it a try.
Keep being awesome, cloud gurus!