CLEAR transforms what is uniquely you – your fingerprints, your face, your eyes – into a secure, biometric key to frictionless experiences. We are creating a world where travel is effortless, where accessing your office building is as simple as walking in, and where shopping is as easy as walking in and out of a store—without ever once showing an ID or credit card. CLEAR currently powers secure, frictionless customer experiences in nearly 40 U.S. airports and venues. With over 3 million members so far, CLEAR is the identity platform of the future, today.
We are looking for an Application Security Engineer to join our growing team! As a Security Engineer, you will have the opportunity to take your penetration and overall application security testing to the next level! Our team performs everything from biometric and Web security testing to remediation, as well as creating automated security products, enabling stakeholders across CLEAR to deliver secure software.
What You Will Do:
- Partner with teams and deliver security risk assessments, manual penetration security testing, automated security testing, threat modeling, and education on secure coding.
- Deliver security products and consult with DevOps, as part of a high-profile security team, supporting automated security testing as part of CLEAR’s next generation CI/CD pipelines.
- Lead internal and external penetration tests across CLEAR’s most critical assets, as well as triage issues with internal stakeholders for remediation.
- Create functional and non-functional security requirements, including delivering secure cloud services, that strike a balance with product usability.
Who You Are:
- Minimum of 3 years of experience in software development and implementing security into SDLC processes.
- Minimum of 8 years of experience (in excess of degree requirements). Minimum 2 years relevant architecture experience with expert level knowledge of application systems design and integration.
- Comprehensive knowledge, experience, and understanding of testing for the OWASP Top 10, WASC TCv2, and CWE 25, including PoCs, automating attacks, and secure code remediation.
- Excellent interpersonal communication skills, breaking down vulnerabilities to both developers and leadership.
- Personal passion for security and cutting-edge security concepts.
- Strong understanding of Software Security Architecture and Design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
- Evaluate, deploy, and manage application security tools (e.g. DAST, SAST, IAST, RASP, WAF) and build strong vendor relationships.
- Experience with or knowledge of one or more cloud providers (Amazon Web Services, Microsoft Azure, or Google Cloud).
- Previous application security testing or Incident Response (IR) experience, including presenting and documenting vulnerabilities, findings or incidents.
- Ability to listen for nuances, dig into details in order to understand systems deeply, and articulate technical details and risks to business leaders.
- Familiarity with one or more industry standards and regulations such as PCI, NIST 800-53, FedRAMP and ISO27001.
- Strong programming and scripting experience in C#, C++, Java, Python, BASH, Go, or something similar.
- Participates in CTFs or actively contributes to the security community through exploitation development.
- Bachelor's degree or higher in Computer Science.