Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 100,000 businesses nationwide.
We’re looking for talented and motivated application security engineers with 7+ years of experience. As part of our AppSec team, you will build tools that will help our product engineers effortlessly write code that keeps our customers’ information secure. If you’re interested in building secure software with far-reaching effects in our modern economy, join us!
Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI). Our customers put a lot of trust in us to be good stewards of this information. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.
Here’s what you’ll do day-to-day:
- Work with our product engineers to keep our web applications secure.
- Develop easy-to-use tools and light-weight processes that will help our engineers seamlessly write secure code.
- Be involved early in the software development life cycle so that security is built into our architecture.
- Train engineering teams in secure coding best practices.
- Research the latest threats and exploits and help our engineers secure the product against those threats.
- Automate and integrate security into CI/CD pipelines, such as static code analysis and dynamic code analysis.
- Run internal red team exercises.
- Coordinate and manage 3rd party pen-testers and bug bounty programs.
- Ensure proper management, encryption, and separation of secrets and keys.
- Share our security learnings and best practices with the outside world, so we can make the world more secure.
Here’s what we’re looking for:
- 7+ years experience in an application security role.
- Familiarity with cloud environments like AWS.
- A hands-on engineer who cares deeply about both the technological and social aspects of building a secure organization
- Ability to partner well with cross-functional stakeholders.
- Always thinking about attack vectors in which PII and PHI can be compromised.
- Relevant security certifications (OSCP, CEH, GPEN, CISSP, etc.) are a plus.
Learn more about the team:
- Our Engineering Culture and Values
- How We Built a Service-Driven Team
- Our Diversity Goals and Efforts
Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.