Requirements
What We're Looking For:
To work as an application security engineer, you must enjoy analyzing system services, spotting issues in code, networks, and applications from a security perspective, and have troubleshooting skills to recognize security issues that appear under new threat scenarios.
- A Master’s degree is preferred, but a Bachelor’s degree in Computer Science or Information Security would be considered. Alto may also accept relevantSecurity certifications are key to call out when applying for a lead engineer role and should be relevant to the role as it has been defined
- Ability to demonstrate extensive and deep technical knowledge, from front-end UIs through to back-end systems and all points in between
- A strong softwareStrong familiarity with web protocols
- Thorough knowledge ofAWSarchitecture being well-versed in both application security and infrastructure security
- Technical expertise in a combination of several domains including software development, network engineering, authentication or security protocols, systems engineering, cryptography
- Be familiar with security best practices and know common and emerging security threats
- Be able to make information security risk-based prioritization decisions, analyze business risk, and offer business/risk trade-off recommendations and decisions
- In addition to identifying issues, they must have a predisposition for action to drive the remediation of these issues to reduce the risk for Alto
- Application security engineers work often with cross-functional teams and lead the remediation of security vulnerabilities, so they must be a good team player with the ability to lead security initiatives
- They need to have great communication skills to explain complex security topics in simple language and easy-to-understand concepts.
What you’ll be working on
At Alto, they're changing the way people invest for the future.
They created a solution that allows ordinary people to invest their tax-advantaged retirement funds into non-traditional assets, like real estate, startups, securitized artworks, cryptocurrency, and more.
By joining Alto's growing team, you'll be helping to make their mission a reality. And you'll work with some truly unique people who are passionate about what they do. They're also pretty big on celebrating individuality—after all, one of their core values is "you do you." And they actually live it. Really.
The Application Security Engineer is responsible for working with Alto teams to secure the data and processes used by Alto’s applications. The expert in this role will ensure that an organization’s applications and services are implemented with high standards and are secure.
What you’ll get to do:
- Help Alto evolve its application security functions and services by leading efforts to develop the policies and standards for securing code
- Collaborate with Dev and QA teams on code reviews, project security reviews, and penetration testing support
- Establish the application scanning processes throughout the stages of the software development life-cycle for application and mobile device apps
- Work closely with developers to help improve the security of Alto products and services
- Be responsible for establishing threat modeling and building systems at scale to prevent classes of vulnerabilities
- Provide leadership for application vulnerability scanning and penetration testing remediation
- Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools
- Provide support to the Director of Information Security on all application security activities
- Actively participate in security initiatives with minimum supervision
- Function as a subject matter expert for security solutions within Alto’s AWS platform
- Work closely with cross-functional teams (Engineering, DevOps, Product) while carrying out daily tasks
- Contribute to requirement gathering with product teams
