Application Security Engineer at Knock (Remote)
Sorry, this job was removed at 4:37 a.m. (PST) on Tuesday, April 5, 2022
We are very happy to announce that we have officially re-opened our Ballard HQ office for voluntary use at 50% capacity! It's excellent to be seeing people in person and have the buzz going again. In order to maintain safety, comfort and flexibility, we currently offer most employees the choice between 3 work locations: HQ-first, Hybrid or Remote; if there are specific location needs, the job description will indicate that below. It is also important to note that we are only able to hire employees who are eligible to work and are based in the US.
We look forward to having you apply to join our team of Knockstars!
We are looking to develop our application security program and find the right engineer to lead it. This is a unique role at Knock tasked with holistically owning application layer security while working closely with our Operations & Risk Officer for broad security program management. This role is perfect for an Engineer who is strong in Python, likes to be autonomous and self directed, and is passionate about seeing their skills impact the business.
The Operations & Risk team at Knock is tasked with optimizing and securing infrastructure, processes, and service providers. Operating across the business, roles on this team produce an outsized impact on business performance and risk while regularly partnering on interesting projects from architecture modernization to service provider POCs.
Day - to - day
- Ensure our applications and services are designed and implemented to the highest standards and resilient to modern threats.
- Identify and own projects to secure application code - ultimately reducing, and hardening, attack surface area.
- Collaborate with Product and Engineering teams on requirements and design - effectively moving security considerations earlier in the SDLC.
- Consult with Engineering teams on secure patterns and practices.
- Partner with Platform and DevOps/Infrastructure teams to secure AWS services and other foundational infrastructure.
- Own SAST, DAST, SIEM, and other security tooling to prevent, detect, and respond to security events.
- Strong knowledge of Python
- 2+ years of security engineering or web application penetration testing
- Experience with secure coding patterns and/or threat modeling (ASVS 4, MITRE ATT&CK, or others)
- Proven ability to work independently while having a direct impact on security within an organization.
- Experience in a high growth, mid- sized SaaS company (200-500 employees)
- Experience in a regulated industry
- Experience with our tech stack including AWS, TerraForm, CircleCI, Jenkins, Veracode SAST, Rapid7 DAST, Splunk, and Crowdstrike.
- Software architecture experience
- AWS certified Security Specialty
Nice to haves:
Extra Bonus Points if you have:
30/60/90 day goals
- Become familiar with environment architecture, application stack, and security tooling.
- Begin to work on small security projects.
- Become available for secure engineering questions from the team
- Join Product and Engineering requirement and design reviews
- Review application and code patterns; propose revisions, if necessary
- Review integration and deployment pipelines; propose revisions, if necessary
- Take Veracode and Splunk training, if necessary
- Review and revise automated security tooling alerts
- Take ownership of SAST and DAST tooling
- Host a Lunch 'n’ Learn on secure software engineering
- Take on larger security projects
- Take ownership of security representation in Product and Engineering requirement and design reviews
Why You’ll Love It Here:
- You'll join a category-creating company that has enthusiastic customers, an ambitious roadmap, and industry leading products.
- You are comfortable taking risks and thinking outside the box.
- Being part of a great team with solid infrastructure in place.
- You want an opportunity to win, drive change and be in an environment that will optimize for your success.
- You embrace our set of core values - determination, excellence, trust, and community.
- Flexible work options - choose to be a HQ, Hybrid or Remote employee with various benefits.
- Competitive cash and equity compensation.
- 100% medical, dental, and vision coverage for full-time employees. Partial family coverage optional.
- Flexible time off & paid holidays.
- Parental leave program.
- 401k with company match to help you save for the future.
- Learning & Development assistance.
- We like to do fun things together (Virtual for now!) such as conferences, off site retreats, and happy hours.
We started Knock to solve problems we faced ourselves. One of those problems was that the process for renting an apartment hadn’t evolved at the same pace as technology. Our mission was to improve the experience for both apartment renters and managers.
We’ve developed an industry-defining SaaS platform, an intelligent front office platform providing the efficiency and business intelligence tools needed to maximize occupancy, rent growth, and customer happiness at every community. Our customers trust us to deliver the consumer experiences and business applications that are essential to their bottom line. The proof is in our 10x revenue growth over the past two years, in addition to our numerous industry awards.
In February 2021 we raised an additional $20 million in a growth funding round led by Fifth Wall, the largest venture capital firm passionate about the global real estate industry and the clear leader in PropTech investing. This investment, our largest fundraise to date, will be invested directly into further innovation on behalf of the incredible #multifamily industry: http://bit.ly/knock-5thwall
Past investors include Madrona Venture Group, Lead Edge Capital, Seven Peaks Ventures and Second Avenue Partners.
To be successful and recognized at Knock, you should naturally encompass our core values: Determination, Excellence, Trust and Community. We take these behaviors seriously and expect everyone to bring a positive Knockstar demeanor with them to work every day.
At Knock, we have a #oneteam philosophy. A big part of bringing new capabilities to life is to continue to bring in outstanding talent that works together toward a common goal. We’ve been especially fortunate to build an outstanding team that delivers real value to our customers each and every day. We can’t wait to hear from you!
We have been recognized over the past several years across multiple platforms as a best place to work. Most recently these awards have included:
Built In Seattle's 100 Best Places to Work (2021, 2022)
Built In Seattle's 50 Best Midsize Places to Work (2022)
Built In Seattle's 50 Best Small Places to Work (2020, 2021)
Best Places to Work Multifamily® (2021, 2022)
Best Places to Work Multifamily® for Women (2021, 2022)
Inc. 5000 Fastest Growing Private Companies (2021)
NAA Best Places to Work - Suppliers (2020)
Knock is committed to crafting a diverse environment and is an equal opportunity employer. We do not discriminate on the basis of race, religion, color, nationality, gender, sexual orientation, age, marital status, veteran status, disability status, or other characteristics protected by applicable laws. We welcome all, and encourage all to apply!
Please know that due to the nature of our business and housing potentially sensitive data, a background check is required to join Knock. We will, nonetheless, consider qualified applicants for employment with arrest and conviction records in a manner consistent with local requirements.
Knock uses the E-Verify employment verification program.
Read Full Job Description