Senior Application Security Engineer
M&T BankSalary not specified
Full Time
Senior (5 to 8 years), Expert & Leadership (9+ years)
Not SpecifiedCompensation
Senior (5 to 8 years), Expert & Leadership (9+ years)Experience Level
Full TimeJob Type
UnknownVisa
Cybersecurity, SoftwareIndustries
Requirements
The candidate should have over 5 years of experience in application security or penetration testing roles and more than 7 years of experience with Java (backend) and React (frontend) for security testing and review. Proficiency with tools like Burp Suite, OWASP ZAP, or Metasploit is essential, along with a strong understanding of web application security, OWASP Top 10, and secure coding practices. Experience managing bug bounty programs and familiarity with application frameworks, APIs, and cloud-native environments are also required, as are strong analytical, problem-solving, and communication skills. Preferred qualifications include offensive security certifications, experience with security automation and scripting, secure SDLC processes, CI/CD integration, security R&D, vulnerability research, exploit development, and familiarity with compliance frameworks.
Responsibilities
The Application Security Engineer will perform internal application penetration testing and vulnerability assessments for Java- and React-based applications, collaborate with third-party penetration testing firms, and validate their findings. This role involves owning and managing the company's bug bounty program, including triage and coordination with engineering teams, and conducting security-focused R&D to identify emerging threats and recommend mitigations. The engineer will also work with development teams to integrate security into the SDLC, assist with remediation guidance, and develop/maintain application security tooling, scripts, and automation. Providing clear documentation and reporting of vulnerabilities, risks, and security recommendations is also a key responsibility.
Skills
Application Security
Penetration Testing
Bug Bounty Management
Security Research
Vulnerability Management
Cybersecurity
Zero-Trust
Zero-Knowledge
FedRAMP
StateRAMP
FIPS 140-2
SOC 2
ISO 27001
Password Management
Secrets Management
Privileged Access Management
Secure Remote Access
Encrypted Messaging
Keeper Security
Cybersecurity solutions for data protection
About Keeper Security
Keeper Security provides cybersecurity solutions aimed at protecting sensitive data for individuals and businesses. Its main product is a zero-knowledge security platform, which means that the company cannot access the data stored by its users, ensuring high levels of privacy and security. This platform is scalable, allowing it to adapt to the needs of various organizations, from small businesses to large enterprises. Unlike many competitors, Keeper Security is recognized for its extensive audits and certifications, which enhance user trust. The company operates on a subscription-based model, offering tailored plans for personal, family, student, business, and enterprise use, with options for multi-year commitments that provide savings. The goal of Keeper Security is to deliver reliable data protection while ensuring continuous updates and support for its users.
Chicago, IllinoisHeadquarters
2011Year Founded
$58.6MTotal Funding
GROWTH_EQUITY_VCCompany Stage
CybersecurityIndustries
201-500Employees
Benefits
Health Insurance
Dental Insurance
Vision Insurance
Life Insurance
Disability Insurance
401(k) Retirement Plan
401(k) Company Match
Unlimited Paid Time Off
Risks
Emerging cybersecurity startups could erode Keeper's market share.
AI-driven cyber threats require Keeper to continuously adapt its security protocols.
Regulatory scrutiny on data privacy may increase Keeper's compliance costs.
Differentiation
Keeper Security offers a zero-knowledge security platform ensuring maximum data privacy.
The company is SOC-2 and ISO 27001 certified, enhancing trust and reliability.
Keeper's subscription model provides continuous updates and tailored plans for diverse customer needs.
Upsides
Growing demand for zero-trust architecture boosts Keeper's market potential.
Strategic partnerships, like with Sherweb, expand Keeper's market reach.
Increased cybersecurity needs in sectors like legal and sports enhance Keeper's relevance.
Related Jobs
RemoteRemoteSenior Security Engineer, Application Security
Trail of BitsSalary not specified
- Full Time
- Senior (5 to 8 years)
RemotePenetration Tester
UltraViolet CyberSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Engineer, App Security
HealthieSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteStaff Software Engineer - Security Center
ServiceNowSalary not specified
- Full Time
- Senior (5 to 8 years), Expert & Leadership (9+ years)
RemoteFrontend Engineer (React)
SweedSalary not specified
- Full Time
- Mid-level (3 to 4 years)
RemoteMachine Learning Lead (R&D)
PanoptoSalary not specified
- Full Time
- Expert & Leadership (9+ years)
RemoteVulnerability Detection Engineer (Content) - Exposure Management (Remo…
CrowdstrikeSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Manager, Hacker Success Program
HackerOne£86,000 - £108,000/year
- Full Time
- Expert & Leadership (9+ years)
RemoteSenior Software Security Engineer
Muon SpaceSalary not specified
- Full Time
- Senior (5 to 8 years)
RemoteSenior Security Engineer
Vanta$218,000 - $256,000/year
- Full Time
- Mid-level (3 to 4 years), Senior (5 to 8 years)
RemoteApplication Security Engineer
RxSenseSalary not specified
- Full Time
- Mid-level (3 to 4 years)