Application Security Engineer

At Instructure, our vision is to help people learn, develop, and engage from their first day at school to their last day of work. Our goal is simple: create more effective ways for everyone everywhere to access education, make discoveries, share knowledge, be inspired, and do big things. We accomplish all this by giving smart, creative, passionate people opportunities to create awesome. So here’s your opportunity…Being a cloud based company, we must ensure our platform is extremely secure and our customer’s data well protected. We are looking for an application security engineer who enjoys diving into code and solving complex security issues.If you are the kind of person who enjoys bringing technology to bear to make the bad people sad, working with wickedly smart people in a fast paced, responsive, and customer obsessed company, we have an opportunity for you.

What you will be doing:

• Analyzing, troubleshooting, and investigating code flaws within our global cloud based platform.
• Support the bug bounty program by reproducing and triaging submissions.
• Partner with product and engineering teams to conduct application security reviews including threat modeling and security reviews.
• Implementing tools, systems, policies, and processes which help identify and address code vulnerabilities across repositories.
• Working with other teams to identify areas of opportunity for improving our security standards, technology, and practices without mucking up the culture.
• Maintaining a company culture of openness, trust, and transparency while ensuring a safe, secure, and protected environment for our customers.

Here's what you'll need to know/have:

• 3-5 years experience in application security.
• Development or scripting experience. Ruby and Ruby on Rails is preferred.
• Experience with static application security testing tools (SAST), dynamic application security testing (DAST), and vulnerable 3rd party library analysis.
• Strong understanding of common vulnerabilities and how to address them (e.g. OWASP Top 10)Strong communication skills (written and verbal), in all of its forms.
• Extensive understanding of cloud based hosting platforms (e.g. AWS) is a plus.
• CEH, GIAC, or other industry recognized security certification is a plus.
• Grace under pressure.
• Desire to learn from, teach, and share with others.
• Black hats need not apply, but grey hats are welcome (and even celebrated).
• Unbridled curiosity, good instincts, and skills, for finding things that don’t want to be found.
• A personality that wants to get along with people, but fights the urge to be a “yes” person.

Get in on all the awesome of Instructure:

• A fun, friendly, and helpful company culture
• Competitive compensation
• Private Medicover healthcare + cafeteria plan/SZEP card
• Employee stock purchase program
• Wellness motivation through PandaFit
• Employee referral bonus program
• An extra week off for the whole company every year
• Employee recognition program
• Goal-setting, proactive reviews, and internal training
• Employee assistance program

We’ve always believed in hiring the most awesome people and treating them right. We know that the more diverse we are, the more diverse our ideas will be and when we openly welcome those ideas, our environment is better and our business is stronger.All Instructure employees are required to successfully pass a background check upon being hired.