SPAN develops products that accelerate the rapid adoption of renewable energy in the home. The flagship SPAN Smart Panel is the first true evolution for the traditional home electric panel, harnessing enhanced technology for metering, monitoring, and control. An expanded product suite of intelligent, integrated solutions radically lowers the cost and complexity of energy upgrades–including solar, batteries and EVs–empowering homeowners to be active, resilient and informed players in the energy market.
We are looking for a hands-on individual with a white hat hacker mindset to join us in an Application Security Lead Role as part of the Security & IT team at SPAN. You will be responsible for building out SPAN’s application security program and architecting, developing and deploying application security tools and technologies to protect SPAN's platform and backend infrastructure.
- Develop the secure SDLC process at SPAN and perform static security code analysis (SAST) of SPAN's code base on a regular basis and provide relevant recommendations to SPAN's developers.
- Perform dynamic application security testing (DAST) using open source and commercial tools before applications are deployed in production.
- Perform threat modeling on existing and upcoming feature sets in the SPAN applications so that appropriate security controls can be built from the ground up.
- Review security alerts and reports on a daily basis and work closely with the DevOps team in any follow up investigation or remediation.
- Manage the bug bounty program at SPANn and work with the developers for timely remediation of the reported issues.
- Manage external independent Application Security Testing and ensure timely remediation of issues.
- Identify all vulnerabilities originating from third party dependencies and ensure timely remediation.
- Impart ongoing secure code and application security best practices training to developers.
We are seeking an Application Security Lead who has:
- Bachelors in Computer Science or related field
- 5+ years in a security engineering or operations role
- Strong knowledge of applied cryptography, web security, TLS/SSL, web authentication protocols such as OAuth/SAML
- Experience in using scripting languages e.g. Python, Perl, PHP, Ruby to automate tasks and manipulate data
- Experience with developing threat models (STRIDE, DREAD, etc.)
- Comfortable with security tools like Burp Suite, OWASP ZAP, CheckMarx, Veracode, MetaSploit, App Spider etc.
- Experience with automation tools like Ansible, Chef, Puppet, Jenkins desired but not a must have
- Experience with automated application testing tools/frameworks e.g. Selenium, SonarQube
- Experience with Web Application Firewalls (WAF) desired but not a must have
Your recruiter can share more about the specific salary range for the location this role is based during the hiring process.
Life at SPAN
SPAN embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills.
Headquartered in San Francisco’s vibrant SoMa neighborhood, we are an eclectic group of creative thinkers who value open communication, teamwork, and a ‘make it happen’ approach to addressing complex challenges.
We’re hiring talented individuals who are driven by success and are passionate about shaping the future of renewable energy. If that sounds like you, we’d love for you to consider joining the rapidly growing team at SPAN.
⚡ Competitive compensation + equity grants at a well-funded, venture-backed company
⚡ Comprehensive benefits (including medical; dental, vision, life and disability insurance)
⚡ Comfortable, sunny office space located near BART and Caltrain public transit
⚡ Strong focus on teambuilding and company culture (events, meet-ups, clubs)
⚡ Flexible hours and unlimited PTO
Interested in joining our team? Submit an application today and we’ll be in touch with next steps!