Application Security Engineer, Senior

Do you want to secure products that connect thousands of diners to restaurants

every day?

Do you love researching attack vectors in well formatted, unit-tested, and documented code written in Python and JavaScript?

Can you balance security, product advancement, and maintainability to help us continue to ship secure web applications?

If all() of your answers to the above == True, keep reading; this might be the secure application environment you’ve been looking to protect and defend.

Our Product and Technology

Our backend applications are written in Python 3.

The RESTful APIs we develop enable several client-facing platforms, ranging from our website products built with React & Redux to our native mobile applications.

Depending on our use case, we store data in MySQL, Elasticsearch or Redis.

Our infrastructure-as-code platform is hosted by Amazon Web Services, developed and orchestrated using Ansible and Terraform.

We automate as much as we can, utilizing Jenkins for deployments.

About the Position

ChowNow’s Engineering Team has built a reliable, stable, and modern platform enabling restaurant owners to accept pickup and delivery orders online.

Our “quality product first” approach to engineering drives the team to succeed and has contributed to the success and growth of the company.

We are looking for similarly minded engineers who care deeply about the product, the customers, the team members, and the codebase itself.

As Senior Application Security Engineer, you will work closely with the Security and Engineering teams to develop secure solutions to interesting technical problems, explore exciting growth opportunities and ensure the security of our product.

About Us:

ChowNow is unique among tech startups in the restaurant space.

We power branded online ordering systems for independent restaurants across North America – via websites, Google, Instagram, and through branded iOS and Android apps – and we do it all for a reasonable monthly fee regardless of order volume.

We operate this way because of our belief in being fair, sustainable, and equitable with our restaurant partners.

And the same goes for our workplace. 

Diversity, teamwork, and mutual respect are among our core company values.

And we pride ourselves on giving our teams plenty of opportunities to make their mark.

To date, we’ve created over 20,000 apps for our restaurant partners – something that’s never been done before in our category.

And as we expand to new markets, further spreading the word about the ChowNow difference, those opportunities to create, build, and grow will only increase.

If this sounds like the kind of workplace and the kind of mission, that appeals to you, we’d love to talk. 

Together we can preserve neighborhood flavor, one restaurant at a time.

Within 1 months, you’ll…

  • Learn our business model and how it translates to platform architecture and features, and find a balance between theoretical risk and development velocity.
  • Be a subject matter expert on security threat modeling, application security fundamentals, and theoretical exploits, using that knowledge to support our engineering teams.

    You’ll join squad meetings to understand security needs and make recommendations to secure our apps.

  • Identify opportunities for increased automation in security testing and hardening, and begin development of those solutions in conjunction with the QA/SDET team.

Within 3 months, you’ll…

  • Have made a valued impact on multiple products across our platform by penetration testing and threat modeling our internal and external applications.
  • Understand major feature areas of our applications and be comfortable navigating the stack and infrastructure, aware of potential common exploit vectors.
  • Have participated in the architecture and implementation of new developer and user-facing features.

    We communicate and collaborate on our architecture to achieve security, scalability, and maximum learning.

Within 6 months, you’ll…

  • Feel comfortable as a knowledge leader of security of ChowNow platform, contributing best practices and continuing to learn in the field.

    We want to learn as much as we teach.

You should apply if:

  • You have experience building SaaS products, e-commerce or similar online platforms and testing or hardening security of those systems
  • You are excited about new technologies, and enjoy being on the cutting edge of offensive and defensive security research
  • You have experience developing threat models based on common adversary strategy database, e.g.

    ATT&CK Framework

  • Your toolbox looks like the Kali Linux distribution, including metasploit, burpsuite, lynis, sqlmap, and more
  • You constantly work to get better at your craft and keep up with new developments and attack vectors
  • You like collaborating with multiple stakeholders to achieve a secure application and organizational posture
  • You make decisions based on data and evidence
  • You enjoy iterative, agile development process with frequent releases
  • You can demonstrate experience writing well documented POCs and summaries to communicate your findings
  • You thrive in environments supporting your growth, and where you can support others

About Our Benefits:

  • Competitive Salary
  • Ongoing training and growth opportunities.
  • A “Best Place to Work” winner multiple times where we focus on creating a great employee experience.
  • A remote first culture and monthly stipend offering flexibility to work where you want and how you want.
  • Rock solid medical, dental, and vision plans.
  • Mental Health Coverage
    – we offer several programs to support your mental health and wellness goals.
  • 3 weeks paid vacation; paid holidays; we expect you to work hard, but still enjoy your personal life
  • 7 weeks of baby bonding time for all new parents (within the first year of birth or adoption), 8 Weeks of Paid Pregnancy Leave.
  • 401(k) Matching
  • Employer-contributing student loan assistance program.
  • Commuter benefits (including Uber Pool).
  • Employee Stock Incentive Plan.
  • Pet insurance for your fur babies
  • Quarterly Industry Speakers Series.
  • Quarterly Tech Events (Women, LGBTQ, Diversity, Inclusion).
  • Consistent & fair leadership: we’ll share info, set clear goals, show you respect, and treat everyone fairly.
  • Enough freedom to spread your wings while still holding you accountable.
  • Fully stocked kitchen and cold brew on tap.

ChowNow takes the health and safety of our team seriously.

Effective December 1, 2021, we will require all employees to have been vaccinated against COVID-19.

We strongly believe that this is the best way to protect our employees, families, clients, and communities.

All requests accommodations will be considered.

As one of ChowNow’s core values, “Celebrates Diversity”, we are committed to an inclusive and diverse work environment.

ChowNow is an equal opportunity employer.

We do not discriminate based on race, color, ethnicity, ancestry, national origin, religion, sex, gender, gender identity, gender expression, sexual orientation, age, disability, veteran status, genetic information, marital status or any legally protected status.

Read here about your California privacy rights.

#Li-Remote

Related Post

Loan ProcessorLoan Processor

Overview: AAG, is the nation’s leading reverse mortgage lender. The company is dedicated to giving seniors a better financial outcome in retirement through the responsible use of home equity. In