Appsec engineer - code

Posted: Jan. 25, 2022, 3:54 a.m. - Full Time - Remote

GuardRails is looking for a full-time AppSec Engineer with a focus on static code analysis. GuardRails is supporting a rapidly growing number of developers all over the world and you will play an important role in ensuring that we have the best static analysis capabilities in the industry.

About You

You love finding vulnerabilities in code and are excited to apply your knowledge to many different programming languages. The thought of reviewing applications and writing excellent security rules that not only identify vulnerabilities but also identify whether security controls are in place fills you with joy, and you can’t wait to scale your knowledge to help millions of developers around the world.

You will be testing GuardRails on many different repos and open source projects, tuning existing rules, improving their accuracy, and of course creating new rules. You are excited by the fact that you can release advisories for issues you identify and share your expertise in blog posts and technical conferences.

You are an incredibly motivated, highly experienced, and organized hacker who loves applying his skills constructively. You are happy to work in a startup environment and wear all the hats that you need to in order to get things done. While you are happy to contribute individually, being part of a growing team of world class security researchers and engineers is a big plus for you.

Your Experience and Skills

  • You are fluent in at least one programming language and are a builder at heart.
  • You know all about software vulnerabilities.
  • You can dockerize things in your sleep.
  • You are self-motivated, organized, creative, respectful, with a high level of integrity and ethics.
  • You have a strong command of the English language.

You Pretty Much Have the Job If

  • You are an expert in writing rules with semgrep or other frameworks.
  • You have a couple of CVEs/bug bounties under your belt for decent issues, not just cross-site scripting vulns or misconfigurations.

How You’ll Make an Impact

Best of breed SAST capabilities:

  • Action: Add security scanning engines that can help identify vulnerabilities in different programming languages. Outcome: GuardRails supports an increasing number of programming languages.
  • Action: Create and modify security rules using solutions like semgrep. Outcome: Growing number of vulnerabilities that we can detect on our platform.
  • Action: Tune false positive detection. Outcome: Improved user satisfaction and decreased number of vulnerabilities marked as false positives.

Next generation security:

  • Action: Share your knowledge with our growing data science team. Outcome: Data science team is empowered and can leverage security knowledge to build models.
  • Action: Classify the vulnerability data set, providing a highly accurate learning environment for A.I. Outcome: Improved A.I. models for better detection, with higher accuracy.
  • Action: Codify fixes using OpenRewrite or other frameworks. Outcome: Ability to fix issues automatically at scale.

Recognized Thought Leadership:

  • Action: Maintain, update and add to the GuardRails documentation for your focus area. Outcome: Decreased time from detection of vulnerabilities to them being fixed.
  • Action: Create blog posts, advisories and content for the GuardRails blog. Outcome: Demonstrating thought leadership to the public, increasing inbound leads.
  • Action: Speak at conferences and relevant events (online/offline). Outcome: Demonstrating thought leadership to the public, increasing inbound leads.

Benefits of Working with Us

  • Fully remote organization with flexible work hours; we are outcome-focused.
  • High impact environment, ability to make a difference. You are not just a number.
  • Employee Stock Option Program.
  • Mac laptop and external monitor.
  • Remote-friendly tool allowance.
  • Health insurance.
  • Gym allowance, Internet allowance, Educational allowance.

More About GuardRails

GuardRails, an end-to-end application security platform, empowers modern development teams to uncover critical vulnerabilities in their applications and rectify them before attackers abuse them.

Software is transforming the world, and we’re ensuring that businesses can make that change securely. Join our engineering team and help us deliver security to development teams globally.

Join a fast-growing cybersecurity company with an experienced founding team, flagship clients who love us, and technology that is quickly becoming the go-to choice for development and security teams.