Application Security Engineer (Hybrid) at Homebase

Toronto, Ontario, Canada

Apply Now

Not SpecifiedCompensation

Mid-level (3 to 4 years), Senior (5 to 8 years)Experience Level

Full TimeJob Type

UnknownVisa

Technology, SaaSIndustries

Requirements

3–5 years of experience in Application Security, Product Security or Software Security engineering role
Strong understanding of web application vulnerabilities and the OWASP Top 10
Senior-level development experience in Ruby, Python, React, and Rails
Experience performing manual source code reviews
Ability to evaluate new products and features through security reviews and threat modeling
Experience leading cross-team initiatives and promoting security adoption within engineering
Strong communication and collaboration skills
Experience running a bug bounty/responsible disclosure program

Responsibilities

Design and build guardrails and controls to prevent common classes of vulnerabilities
Develop security tools and automation to scale our Application Security efforts
Conduct threat modeling, design reviews, and security assessments
Provide direct guidance and support to development teams on security issues
Integrate and strengthen security throughout the software development lifecycle
Oversee and evolve our vulnerability disclosure, bug bounty, and external testing program

Skills

Key technologies and capabilities for this role

Application SecurityOWASP Top 10RubyPythonReactRailsSource Code ReviewsThreat ModelingSecurity AssessmentsVulnerability DisclosureBug Bounty

Questions & Answers

Common questions about this position

What is the work arrangement for this role?

The position is hybrid, requiring a mix of remote and on-site work.

What benefits does Homebase offer?

Benefits include stock options, TFSA/RRSP with 4% company match, comprehensive medical, dental, and vision coverage for you and your dependents, and flex time.

What skills and experience are required for this Application Security Engineer role?

Candidates need 3–5 years in Application Security or similar, strong knowledge of web vulnerabilities and OWASP Top 10, senior-level development in Ruby, Python, React, and Rails, manual source code review experience, threat modeling, cross-team leadership, and bug bounty program management.

What is the company culture like at Homebase?

Homebase has a bold, fast-moving team obsessed with helping small businesses, emphasizing empathy, urgency, collaboration, raising the bar, supporting each other, and celebrating wins together, guided by principles like being customer obsessed, moving fast, owning impact, mastering your craft, and winning together.

What makes a strong candidate for this role?

A strong candidate has 3–5 years in application security, senior development skills in Ruby, Python, React, and Rails, experience with threat modeling, code reviews, bug bounties, and leading cross-team security initiatives, plus strong communication and collaboration.

Homebase

Workforce management software for hourly employees

About Homebase

Homebase provides a digital platform that helps businesses with hourly workers manage their operations more effectively. The platform includes tools for time tracking, employee scheduling, payroll processing, and messaging. Businesses can use any device to track employee hours, breaks, and overtime, which simplifies payroll preparation by reducing paperwork. Managers can create and adjust schedules online, sharing them instantly with their teams. The payroll service automatically calculates paychecks, processes direct deposits, and files payroll taxes, making payroll management easier for small businesses. Additionally, the built-in messaging feature allows for effective communication between managers and employees, even when they are not in the same location. Homebase primarily serves small businesses and generates revenue by charging for its software and services. The goal of Homebase is to streamline workforce management for businesses that rely on hourly workers.

San Francisco, CaliforniaHeadquarters

2014Year Founded

$183.8MTotal Funding

SERIES_DCompany Stage

Consulting, Enterprise SoftwareIndustries

1,001-5,000Employees

Benefits

Stock options

Comprehensive insurance plans

401(k) with 4% company match

Remote, hybrid, and in-office work options

Top-of-the-line equipment and home office

Annual holidays and accrued PTO

Fun company activities

Risks

Increased competition from companies like Deputy could erode Homebase's market share.

Rapid Canadian expansion may strain resources and lead to operational challenges.

Dependency on third-party platforms like Lightspeed poses risks if partnerships change.

Differentiation

Homebase targets hourly workers, a segment often overlooked by HR tech companies.

The platform offers a comprehensive suite of tools for small business workforce management.

Homebase integrates payroll, scheduling, and communication in a single, user-friendly application.

Upsides

Homebase secured $60M in Series D funding, indicating strong investor confidence.

The company is expanding into Canada, doubling its workforce and opening a new office.

Integration with Lightspeed enhances Homebase's capabilities in workforce management.

Land your dream remote job 3x faster with AI

Try Jobo Free