Sailthru is the largest sender of personalized email on the planet. But we’re so much more than an email provider or cross-channel marketing hub. We’re committed to creating true partnerships with our clients, not just being another vendor. Working with some of the biggest names in ecommerce and publishing, we help deliver personalized email, mobile messaging, and onsite experiences to billions of consumers.
Sailthru is proud to be part of the CM Group, a world-class portfolio of technology products including Campaign Monitor, Deliver, Emma, Liveclicker, and Vuture. Our mission is to be the most respected, fastest growing marketing technology company in the world. We have teams all over the globe — from NYC to San Francisco to London to New Zealand — making it a reality.
Sailthru is looking for an Application Security Engineer in our NY office with an understanding of application security, secure software architecture and design principles, the software development lifecycle, and the cloud to join our growing Engineering team. You will be a key member of our engineering team, working hands on with our team and code base to not just fix security issues, but also design and architect secure solutions to help us “shift left” on security and improve the overall security posture of the platform.
What You’ll Do
- Collaborate with our engineering and product teams to improve the security posture of new features in their design phase (shifting left on security)
- Work hands on with our engineering teams to resolve security issues and harden the platform from potential security vulnerabilities
- Manage and automate security processes involved in the SDLC (CI/CD, static code analysis tools, etc.)
- Partner with our global security team and outside vendors, participating in security assessments of networks, systems and applications delivered internally and externally
- Deliver education on secure coding practices to product engineering teams. Be an advocate for security best practices in engineering and the broader org.
You are smart, autonomous, confident, personable and friendly, and you communicate clearly and respectfully. You have a background in secure software design, software engineering, and security / cloud operations. You live and breathe security best practices and are passionate about learning new security challenges and trends.
- Minimum 3-5 years of experience building production web applications and services in at least one of the following languages: Java, PHP, or Python
- Strong understanding of application security architecture and the ability to articulate best practices in application security.
- Ability to work autonomously and as part of a global team, communicating and coordinating regularly with our Sydney, Australia-based security team.
- BA/BS degree in Computer Science, or equivalent experience preferred
- Excellent communication skills with a demonstrated ability to explain complex technical issues to all audiences.
- Strong, proven experience integrating application security inot SDLC and CI/CD processes including automated workflows.
- Familiarity with security AWS-based infrastructure and services.
- Good understanding of how web applications work, from the underlying network protocols (HTTP, TCP) through to web server (IIS, nginx, Apache), browser behavior and everything in between.
- Passion for security and automation
While the team is based in NY, this role is open to remote.
Perks & Benefits:
- Competitive compensation and benefits package
- Life, AD&D, Short and Long Term Disability Insurance
- 401(k) with 6% company matching
- Open Time Away
- Paid parental leave