Application Security Engineering
Do the best work of your life
Gusto is fundamentally changing how the world works by empowering everyone to put people first. Gusto reimagines payroll, benefits, and HR by automating the most complicated, impersonal business tasks and making them simple and delightful.
Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI), including customers’ SSNs, EINs, salaries, home addresses, and health-related information. Our business is largely built on trust. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.
Here’s what you’ll do day-to-day:
- Work with developers to evangelize application security at Gusto
- Run threat modeling of our application and ensure that development teams build security into the design of the architecture
- Guide application development teams in secure coding best practices
- Automate and integrate security into CI pipelines, such as static code analysis and dynamic code analysis
- Assess applications for security vulnerabilities using a combination of manual and automated penetration testing tools
- Coordinate 3rd party pen-testers
- Manage 3rd party bug bounty programs
- Respond to application security incidents
- Ensure proper management, encryption, and separation of secrets and keys
- Help application teams implement secure SDLC practices
Here’s what we’re looking for:
- 3+ years of experience in an application security role
- 2+ years of industry work experience in an engineering function at a technology company
- Application pen-testing experience
- Familiarity with AWS
- Familiarity with dynamic languages and modern web development frameworks like Ruby on Rails
- A hands-on engineer who cares deeply about both the technological and social aspects of building a secure organization
- Ability to partner closely with cross-functional stakeholders such as engineering and DevOps
- Always thinking about attack vectors through which PII and PHI can be compromised
Gusto’s mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 40,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company’s investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.
payroll, saas, compliance, software
Company Type: Privately Held
Company Size: 201-500