Application Security Engineering

Full Time
San Francisco, CA
Areas of Interest: Threat Analysis
Overview


Do the best work of your life

Gusto is fundamentally changing how the world works by empowering everyone to put people first. Gusto reimagines payroll, benefits, and HR by automating the most complicated, impersonal business tasks and making them simple and delightful.

Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI), including customers’ SSNs, EINs, salaries, home addresses, and health-related information. Our business is largely built on trust. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.

Here’s what you’ll do day-to-day:

  • Work with developers to evangelize application security at Gusto
  • Run threat modeling of our application and ensure that development teams build security into the design of the architecture
  • Guide application development teams in secure coding best practices
  • Automate security checks, such as static code analysis and dynamic code analysis, and integrate them into CI pipelines
  • Assess applications for security vulnerabilities using a combination of manual and automated penetration testing tools
  • Coordinate 3rd party pen-testers
  • Manage 3rd party bug bounty programs
  • Respond to application security incidents
  • Ensure proper management, encryption, and separation of secrets and keys
  • Help application teams implement secure SDLC practices

Here’s what we’re looking for:

  • 3+ years experience in an application security role
  • 2+ years of industry work experience in an engineering function at a technology company
  • Application pen-testing experience
  • Familiarity with AWS
  • Familiarity with dynamic languages and modern web development frameworks like Ruby on Rails
  • A hands-on engineer who cares deeply about both the technological and social aspects of building a secure organization
  • Ability to partner closely with cross-functional stakeholders such as engineering and DevOps
  • Always thinking about attack vectors through which PII and PHI can be compromised

ABOUT GUSTO

Gusto’s mission is to create a world where work empowers a better life. By making complicated, impersonal business tasks simple and personal, Gusto is reimagining HR, payroll, and benefits for over 40,000 companies nationwide. Gusto has offices in San Francisco and Denver and the company’s investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, as well as the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.





Gusto

Empowering everyone to put people first.
Humans aren’t resources. Gusto is fundamentally changing how the world works by empowering everyone to put people first. Gusto reimagines payroll, benefits, HR, and personal finance by automating the most complicated, impersonal business tasks and making them simple and delightful.

Gusto has offices in San Francisco and Denver and its investors include Google Capital, General Catalyst, Kleiner Perkins Caufield & Byers, and the founders of Instagram, Stripe, Nest, PayPal, Yelp, Dropbox, and Eventbrite, among others.

Specialties
payroll, saas, compliance, software
Company Industry: Financial Services
Company Type: Privately Held
Company Size: 201-500