We’re thrilled to announce Handshake’s $80M Series E funding round. From the start, we’ve made it our mission to break down barriers and create equitable access to great jobs. We’re expanding our mission to build a platform students love, that helps early talent of all backgrounds receive access to opportunities – no matter who they know or where they go to school.
Handshake is the number one site for college students to find a job. Today, the Handshake community includes 18 million students and young alumni at over 1,000 colleges and universities. We connect up-and-coming talent across all 50 states with nearly 500,000 employers recruiting on Handshake — from every Fortune 500 company to thousands of small businesses, nonprofits, startups, and more. Handshake is democratizing opportunity and ensuring college students have the support they need to find a great job and kick-off a meaningful career.
Everyone is welcome at Handshake. We know diverse teams build better products and we are committed to creating an inclusive culture built on a foundation of respect for all individuals. We strongly encourage candidates from non-traditional backgrounds, historically marginalized or underrepresented groups to apply.
If you are not sure that you’re 100% qualified, but up for the challenge – we want you to apply. We believe skills are transferable and passion for our mission goes a long way.
Want to learn more about what it's like to work at Handshake? Check out these interviews from our team members!
What does a Senior Application Security Engineer do at Handshake?
Handshake is building a diverse team of dynamic engineers who value creating a high quality, high impact product. We are looking for a Senior Application Security Engineer who will be responsible for taking ownership of application security initiatives such as defining security requirements and policies, reviewing testing and deployment standards, and asset and vulnerability management. You'll be working with the Infrastructure team whose goal is to build a secure, reliable platform for our engineers.
- Build out the application security strategy within Handshake, laying the foundation for future proofing the product. This will include bringing in new or enhancing existing processes (e.g. SDLC, SLAs) and tooling (e.g. SAST, DAST)
- Conduct penetration testing against native mobile applications and web services.
- Validate internal, external and crowd-sourced application security findings and articulate them to Handshake engineering teams.
- Participate in documenting Handshake engineering architecture and performing threat modeling for white-box assessment activities.
- Think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
- Serve as a subject matter expert for secure coding practices, penetration testing, mobile platform security, and all aspects of application and product security.
- Perform any other application security or product security related activities or tasks as needed.
- Partner with engineering and product leaders across the company to help them prioritize security issues in their products and balance business goals.
- You prefer taking projects from inception to completion and are outcome oriented.
- You act with empathy when partnering with fellow engineers and coworkers.
- You have experience working in distributed, performant, at-scale backend systems.
- You are able to think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
- You have 5+ years of experience with OWASP, static/dynamic analysis, and common security tools.
- You have a deep understanding of web application architecture.
- You have experience with application security tools (static code analysis, dynamic scanning, WAF, etc.).
- You have experience performing proactive research to detect new attack vectors.
- A pen-test certification such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN.
Technologies you'll work with:
- Kubernetes, Terraform, GCP, AWS
- PostgreSQL, Redis, Pub/Sub, Elasticsearch
- Ruby on Rails, Golang
- Stock: Ownership in a fast-growing company.
- 401k: We care about your ability to save for your future.
- Family Focus: Parental leave and flexibility for families.
- Time Off: Flexible vacation policy to encourage people to get out and see the world.
- Healthcare: World-class medical, dental, and vision policies.
- Goodies: Whatever hardware and software you need to get the job done.
- Team Fun: Regularly scheduled events, sports, game nights, book clubs.
- Learning: Learning & Development opportunities for you to grow your skills and career.
- Great team: Working with fun, hardworking, nice people who are committed to making a difference!
- ...And much more!
Interested in what Handshake’s San Francisco HQ is like when we’re together? Check out this video:
Just browsing or not ready to apply? Keep in touch with us!