ForgeApply
Try it free

ForgeApply · Job listing

Staff/Principal Application Security Engineer

Binti

Binti HQ - San Francisco, CA, US$240k – $330konsiteSaaS

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

Binti builds software for state and county government agencies, focusing on reinventing social services. We started in child welfare, with the mission of helping every child have a safe, loving, and stable family. To date, we’ve helped approve more than 100,000 families to foster or adopt, and we support over 49% of the nation’s child welfare system. We have expanded our product offerings in child welfare, moving more to the root of the problem, helping families stay together and avoid separation, and are now expanding horizontally across other areas in social services.

Binti is a for-profit, mission-driven software company based in San Francisco, CA. Investors include Founders Fund, First Round Capital, Kapor Capital, and others. We’re a team of ~90 people and growing quickly. We care about creating a workplace where everyone feels welcome and can bring their full self to work. We have a huge, ambitious vision to rewire government to be more effective in expanding opportunities for people around the world, and we are looking for mission-driven, high-empathy, high-performance, and low-ego team members to join us on our exciting journey towards that vision.

As Binti's first Principal Security Engineer (Applications focused), reporting to our CTO, you will play a critical role in ensuring the security and integrity of our software applications. You will work alongside Binti’s full-stack engineers, contribute to security controls in our software, identify and address potential security vulnerabilities, implement best practices, and uphold secure coding standards.

WHAT YOU WILL DO

- Conduct Security Assessments: Provide holistic assessments of Binti’s security stance, including performing regular security reviews, code audits, penetration testing, and threat modeling to maintain the highest standard of application security.

- Set Direction: Help Binti chart a specific and pragmatic course of action to achieve a strong security posture. This includes scoping and prioritizing work, determining what levels of investment and risk we should take on given our scale and capacity, contributing to job descriptions and hiring plans for the next team members, and building relationships across teams and with company leadership to effectively communicate and advocate for these goals.

- Respond To Incidents: Respond promptly to security incidents, collaborate with engineers on-call, and provide detailed post-event analyses. Evaluate the applicability of emergent security concerns through risk rating and assessment (such as OWASP).

- Improve Security Architecture: In a leadership capacity with the Engineering team, identify, design, and implement technologies to enhance security automation, during the software development lifecycle, within the product itself, and in cloud hosting environments.

- Set Security Standards: Lead efforts to design and implement secure coding standards and best practices across the development lifecycle, with an eye toward automation, including effective AI tools

- Share Expertise: Stay up to date on the latest security threats, vulnerabilities, and industry best practices, and ensure the integration of this knowledge into Binti’s security strategies. Act as our company’s expert on application security matters, providing mentorship to development teams and fostering a scalable, security-aware culture.

- Represent the Security team to other Binti teams and Binti leadership: Act as a steward of the Binti values. Tell the story of the security team, advertising its good work, and celebrating wins.

SAMPLE PROJECTS

- Review and implement security patches and hotfixes in production applications.

- Implement streamlined feedback of security recommendations for new products before launch into the Binti platform.

- Improve the security of documents and files uploaded and downloaded on the platform.

- Analysis, scoping, and implementation of security improvements to better protect Personal Health Information and Personally Identifiable Information stored within the product.

- Improve notification and escalation of security concerns from third parties (such as security researchers).

- Integration of new and existing logging and alerting systems to centralized and/or decentralized Security Incident and Event Management (SIEM) platforms.

- Assess backlog of application-specific security tickets and provide recommendations for remediation and

- Support evidence collection for compliance frameworks such as SOC 2 Type II and HIPAA.

- In partnership with a vendor, stand up a bug bounty program and drive engagement from external security researchers

- Drive the timely completion of critical security tasks (e.g. incident remediation follow-ups), sometimes implementing personally, and sometimes overseeing the implementation by full-stack engineers.

WHAT WE LOVE ABOUT YOU

- Technical Expertise: Proven experience as an Application Security Engineer or in a similar role. Strong technical background with experience in full-stack development, cloud computing, and scalable architecture. Proficiency in one or more OOP coding languages (Ruby, Python, Java, etc) is strongly preferred.

- Deep Understanding: Strong understanding and knowledge of web application security principles, common vulnerabilities, and best practices.

- Collaborative Approach: Excellent communication skills with the ability to simply convey complex security concepts to non-technical stakeholders and clearly articulate the relative risks and trade-offs.

- Product Orientation: Focused on keeping the company secure while ensuring the team can still ship products and deliver value to customers and users.

- Decisions That Scale: Experience cultivating a security-aware development culture that scales through mentorship and automation.

- Passion for Social Impact: A genuine interest in leveraging technology to address social challenges, with a strong sense of purpose in improving outcome

Ready to apply to Binti?

Apply in about a minute

Similar jobs

More like this: Security & Cybersecurity Jobs · Security & Cybersecurity Jobs in San Francisco · Browse all jobs