Grammarly empowers people to thrive and connect, whenever and wherever they communicate. More than 20 million people around the world use our AI-powered writing assistant every day. All of this begins with our team collaborating in a values-driven and learning-oriented environment.
To achieve our ambitious goals, we’re looking for engineers to join our AppSec team. In this role, you will have a substantial impact on the security of Grammarly product family and cloud infrastructure behind it. We are looking for engineers eager to find bugs and vulnerabilities in the code and to conduct black-box and white-box testing of different products and features.
Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.
In this role, you will:
- Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams.
- Develop secure system design and secure coding recommendations.
- Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments.
- Actively participate in the “security champions” initiative and provide security training to engineering teams.
- Perform security testing on our internal and external applications—including performing security code reviews, vulnerability assessments, and exploit development, as well as documenting the outcomes of the research.
- Manage Grammarly bug bounty and drive different program initiatives and promotions.
- Integrate SAST/DAST in CI/CD and operational pipelines.
- Create and manage tools (e.g., web security scanners) to help test and monitor product security.
We’re looking for someone who
- Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
- Has a minimum of two years in application security or related field.
- Has knowledge of programming languages (JS, Java, Python, Go).
- Is familiar with software development methodologies, processes, and tools.
- Is familiar with modern DevOps practices and tools.
- Has working experience with application security tools like BurpSuite, OWASP ZAP, Metasploit, etc.
An ideal candidate would be someone who
- Has participated in bug bounty programs and security research.
- Has practical experience with device management, access provision, and access management.
- Has prior experience in continuous security cycle implementation for web applications.
- Has knowledge of networking principles or macOS/Linux/Windows platforms.
- Has experience with malware analysis; reverse engineering is also a plus.
- Has experience with AWS (or other cloud platforms).
Support for you, professionally and personally
- Professional growth: We hire people we trust, and we give team members autonomy to do their best work. We also support professional development with training, coaching, and regular feedback.
- A connected team: Grammarly builds products that help people connect, and we apply this mindset to our own team. We have a highly collaborative culture supported by our EAGER values. We also take time to celebrate our colleagues and accomplishments with global, local, and team-specific events and programs.
- Comprehensive benefits: Grammarly offers all team members competitive pay along with a benefits package that includes superior health care. We also offer ample and defined time off, catered lunches, gym and recreation stipends, admission discounts, and more.
We encourage you to apply
At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. Grammarly is an equal opportunity company. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, criminal prosecution, judgment in a criminal case, or any other characteristic protected by law.