Staff Application Security Engineer

Staff Application Security Engineer

Introduction to Upside

Upside created a platform to transform brick-and-mortar commerce. Our technology uses the sophistication of online retail—profit measurement, attribution, and incrementality—to provide users with more value on their everyday purchases and brick-and-mortar businesses with new, profitable customers. We’ve helped millions of users earn 2 to 3 times more cashback than any other product, and hundreds of thousands of brick-and-mortar businesses earn measurable profit. Billions of dollars in commerce run through the Upside platform every year, and that value goes directly back to our retailer partners, the consumers they serve, and important sustainability initiatives.

The Impact You’ll Make

You’ll report into the Director, Information Security and build relationships with technology stakeholders. You’ll leverage your knowledge of secure code practices and payment systems to identify and remediate application vulnerabilities. This individual contributor role will innovate for our AppSec team, increase our AppSec posture and enable our engineers to code safely.

Responsibilities

• Innovate with AI and deliver security solutions to mitigate application vulnerabilities
• Run security code tests (SAST, SCA) and partner with engineers to remediate unsafe code
• Create threat models and engage technology teams to review and document risks
• Guide leadership on security architecture, design and best AppSec practices
• Train and upskill engineers on safe coding and vulnerability management
• Assist penetration testing initiatives and/or help manage bug bounties
• Support administration of AWS Control Tower and IAM provisioning
• Interact with the security community and keep aware of trends

Requirements

• 6+ years of application or product security inclusive of reviewing Python code
• Experience with innovating and delivering solutions related to vulnerability management
• Deep knowledge of AWS and Lambda security architecture and AWS Control Tower
• Strong understanding and adoption of AI technologies
• Bachelor’s degree in Computer Science or Engineering highly preferred
• Exceptional customer service and people skills

Tools We Use

• Github Suite (Advanced Security, Actions, Copilot)
• Python
• Terraform
• AWS Lambda, DynamoDB, S3, SNS, SQS, IAM, VPCs
• ChatGPT
• Snowflake
• SQL

Location

This role offers location flexibility, however, if you’re based in the Washington, D.C., Austin, Chicago, or NYC metropolitan regions, in-office attendance is required on a hybrid basis.

Compensation

The US base salary range is not specified.