Staff/Principal Application Security Engineer

Introduction

Binti builds software for state and county government agencies, focusing on reinventing social services. We started in child welfare, with the mission of helping every child have a safe, loving, and stable family. To date, we’ve helped approve more than 100,000 families to foster or adopt, and we support over 49% of the nation’s child welfare system. We have expanded our product offerings in child welfare, moving more to the root of the problem, helping families stay together and avoid separation, and are now expanding horizontally across other areas in social services. Binti is a for-profit, mission-driven software company based in San Francisco, CA. Investors include Founders Fund, First Round Capital, Kapor Capital, and others. We’re a team of ~90 people and growing quickly. We care about creating a workplace where everyone feels welcome and can bring their full self to work. We have a huge, ambitious vision to rewire government to be more effective in expanding opportunities for people around the world, and we are looking for mission-driven, high-empathy, high-performance, and low-ego team members to join us on our exciting journey towards that vision.

Job Description

As Binti's first Principal Security Engineer (Applications focused), reporting to our CTO, you will play a critical role in ensuring the security and integrity of our software applications. You will work alongside Binti’s full-stack engineers, contribute to security controls in our software, identify and address potential security vulnerabilities, implement best practices, and uphold secure coding standards.

Responsibilities

• Conduct Security Assessments: Provide holistic assessments of Binti’s security stance, including performing regular security reviews, code audits, penetration testing, and threat modeling to maintain the highest standard of application security.
• Set Direction: Help Binti chart a specific and pragmatic course of action to achieve a strong security posture. This includes scoping and prioritizing work, determining what levels of investment and risk we should take on given our scale and capacity, contributing to job descriptions and hiring plans for the next team members, and building relationships across teams and with company leadership to effectively communicate and advocate for these goals.
• Respond To Incidents: Respond promptly to security incidents, collaborate with engineers on-call, and provide detailed post-event analyses. Evaluate the applicability of emergent security concerns