Application Security Engineer
Aptible
Aptible's mission is to empower every developer to focus on their ideas, not their infrastructure.
Aptible aims to fundamentally transform how software developers interact with the cloud. Great people are necessary to achieve such an ambitious mission. But the people alone aren't sufficient to achieve: we must (and do) invest in and nurture a culture that not only empowers but, in fact, propels our team to do so. You can learn more about our culture here.
We believe that the next 10 years of cloud and software development will look markedly different than the last 10 years.
The historical focus has been on the mass lift-and-shift of old data center workloads into the cloud. The future focus will be on building higher level abstractions that allow developers to focus on application code without worrying about the underlying infrastructure. Consider:
- AWS, GCP, and Azure have not successfully invested in abstractions
- Database platform players like Snowflake and PlanetScale have effectively competed by providing a better developer experience and better scaling
- Vercel is hitting success by innovating on the DX for frontend engineering teams
- Similarly, there are application-focused platforms that developers are beginning to move to, but as of yet, no fullstack platform-as-a-service (PaaS) is both great to start and great to scale.
That's our opportunity: Aptible has already shown it's great to scale with, and in 2023 our priority will be making it great to start with. By doing so we believe we will provide a compelling alternative, not just to other PaaS solutions, but also to infrastructure-as-a-service (IaaS), for product-focused developers.
The macroeconomic environment has never been more conducive toPaaS : the increasing complexity of IaaS, slowing growth of engineering team sizes, and lack of investment in and poor strategic decisions by the incumbent PaaS platform (Heroku) all foreshadow the need for a new PaaS that's both great to start with and great to scale with for every developer and every team.
Our Platform and Roadmap
Aptible has developed its PaaS since 2013. To date, most of the focus has been on ensuring the platform was great to scale with for the hundreds of companies and thousands of developers who rely on it for production workloads.
In 2023, we are investing both in making Aptible easier to get started with and supporting increasingly sophisticated use cases while more efficiently managing resources and costs. We are already a good part of the way towards our "great to start" mission: Aptible Managed Databases provision in 97 seconds as compared to 15 minutes for RDS; Aptible Apps provision in less than 90 seconds as compared to 3-5 minutes for ECS. We think we can optimize both further.
Currently our platform today supports over 40,000 daily events like deployments and resource provisioning against the over 50,000 containers that run apps and databases for our customers. We expect these numbers to rapidly grow in 2023 as we invest in acquiring new customers faster through improvements to our product-led growth and marketing and developer relations strategies.
Our Team
Aptible is a fully distributed company, and we’ve been remote since 2013. Importantly, Aptible focuses on our company culture, probably more than most any other team of our size. Culture is how we shape our attitudes and behaviors, and live out our values in our day-to-day. It’s an alignment of our personal drives and needs to Aptible’s mission, and how we unleash our energy towards our shared purpose, in order to enable every single team member to thrive.
We invest in culture to ensure it evolves and grows into something we love, and something that will ensure we will achieve our mission.
Our Commitment to Diversity and Inclusion
We prioritize diversity within our team and value different perspectives, educational backgrounds, and life experiences. We encourage people from underrepresented backgrounds to apply.
About This Role
The Application Security Engineer will be responsible for ensuring the security and privacy of Aptible's software applications. This role requires a combination of technical skills and an understanding of current security threats and best practices. The ideal candidate should have a passion for security and experience in software development.
Responsibilities:
- Design, implement, and maintain security controls for software applications
- Conduct security assessments and vulnerability scans
- Investigate and respond to security incidents
- Stay up-to-date with the latest security threats and trends
- Collaborate with software development teams
- Ensure compliance with security standards and regulations
- Provide guidance and training on secure coding practices
- Perform security-focused code reviews
- Support and consult with product and development teams on application security
- Assist in reproducing, triaging, and addressing application security vulnerabilities
- Support the bug bounty program
- Lead both critical and regular security releases
- Develop automated security testing to validate secure coding practices
Requirements:
- A strong understanding of web application security and common security protocols
- Understanding of network and web-related protocols
- Experience with SAST and DAST security scanning tools
- Familiarity with programming languages like Ruby, Python, and Go
- Experience identifying security issues through code review
- Ability to explain common security flaws and ways to address them
- Basic development or scripting experience
- Familiarity with common security libraries and tools
- Strong understanding and experience with common security libraries and controls
- Subject matter expertise in at least one technical area impacting the product's security
- Excellent communication and collaboration skills
- Strong analytical and problem-solving skills
- Ability to work well with software development teams
Compensation:
We set compensation based on benchmarks for comparable companies and positions. Using this data, the target salary ranges for this position are
- Senior: $211,000 - $233,000/year
- Principal: $280,000 - $306,000/year
Our Benefits
- 90th Percentile Compensation & Transparent Comprehensive Philosophy: Aptible believes that the only way to attract and retain great team members is to have a highly competitive and transparent compensation philosophy. Accordingly, Aptible endeavors to pay every employee a base salary in line with 90th Percentile total compensation for their personal market and Aptible's market. We provide the data so you can see exactly how we determined your compensation, and we automatically keep your comp up to date as the market changes. Read more about our Talent and Compensation Philosophy in the Aptible Handbook.
- Work from Anywhere: Enjoy the flexibility of working from home, a local co-working space, or your favorite coffee shop.
- Open Vacation Policy: We encourage you to take the time you need, when you need it — for any holiday or matter of personal importance.
- Paid Parental Leave: We offer job-protected Paid Time Off — 14 Weeks, Fully Paid — for all parents to bond with a newly born, adopted, or fostered child.
- Medical, Dental, and Vision Insurance: We offer comprehensive health care for employees, with 100% of premiums paid by Aptible.
401(k) Plan via Vanguard. - Hardware & Software: We help you create your ideal office setup and provide any software you’ll need.
- Company Travel: We come together in-person at least two to three times per year, in locations around the globe.
Our Interview Process
- An introduction to Aptible with the hiring manager (30 minutes via Zoom)
- A discussion-based interview with an Aptible team member (45-60 minutes via Zoom)
- A take-home work sample exercise (You will be compensated for completing this.)
- A discussion-based interview with an Aptible team member (45-60 minutes via Zoom)
- References (Ideally 3 former managers, Conducted asynchronously by Aptible)