Senior Application Security Engineer

Built is a growth-stage company at the intersection of FinTech and PropTech. We are on a mission to change the way the world gets built with technology and services that streamline the $1.4T U.S. construction industry. Built’s platform for the construction finance industry modernizes the movement of money between all stakeholders within the construction and real estate process to manage risk and maximize productivity. Built provides software, payments, B2B marketplace, and data solutions to more than 190 of the top financial institutions and hundreds of contractors throughout North America. In addition to our recent $125M Series D funding and $1.5B valuation, we’re proud to have been named one of Forbes’ Best Startup Employers in America and one of The Tennessean’s 2022 Top Workplaces. Bringing on the “best talent in the world” is at the forefront of our continued growth trajectory—and we want you to be part of it.LINKS- Series D Financing Round- Built Upon 2021 Success

Primary Duties and Responsibilities:

• Work closely with engineering to help enable developers to produce secure code
• Analyze security gaps in software processes and controls; then design, implement, and deploy automation to close said gaps
• Validate findings from security scanning tools in the SDLC for static (SAST), dynamic (DAST), and open source application testing (SCA), and help validate and advise on remediations
• Help ensure implementation of software security standards
• Ensure secure practices for CI/CD systems as well as some infrastructure-as-code
• Test, replicate and validate security vulnerabilities in applications
• Secure Code Review
• Support for Secure Code audits and assessments

Skills and Specifications:

• Understand and be comfortable explaining OWASP top 10 vulnerabilities
• Proficiency in at least one programming language (Python, NodeJS preferred)
• Strong scripting language skills (Bash, PowerShell, etc.)
• An understanding of modern software development methodologies, and CI/CD solutions and processes
• Analytical skills, and strong creative and conceptual thinking skills
• Growth mindset, pushing toward excellence and focus on continuous improvements

Requirements:

• 5+ years in information security or in secure code development
• Experience working for a software development/SaaS/PaaS company preferred
• Demonstrated passion for information security via participation/leadership in conferences, webinars, Capture the Flag (CTF), TryHackMe, Bug Bounty, CVEs, and/or personal projects
• Security certifications (OSCP, GWEB, etc.) are nice but not required

Our Perks- The rare opportunity to radically disrupt an industry- Competitive benefits including: uncapped vacation, health, dental & vision insurance, and 401k- Robust compensation package including base salary, quarterly bonus, and equity - Flexible working hours, paid family leave, ERGs & Mentorship opportunities - Learning grant program to support ongoing professional developmentOur company is made up of passionate people who are driven in a variety of disciplines—and each of them bring their unique perspective to everything they do. Creating a safe and inclusive workplace is critical to the success of our company and of our employees, so it’s our aim to recruit, hire and promote without bias against race, color, religion, sex, sexual orientation, gender identity, marital status, veteran status or any other status protected by applicable law. As we learn and as we grow, we’re committed to ensuring that these ideals are at the forefront of everything we do.