Senior Application Security Engineer
Company and Vision
PlanetArt’s vision is to be the leading seller of personalized and make-on-demand products worldwide. We provide consumers with unmatched tools and content and an unparalleled end-to-end customer experience that result in high-quality, meaningful finished products and memorable celebrations of live events.
The company’s brands include the popular FreePrints and FreePrints Photobooks apps and the industry leading SimplytoImpress card and stationery site, as well as Personal Creations, CafePress and ISeeMe! Visit www.planetart.com to learn more about our brands.
We have more than 500 team members across multiple offices, primarily in Calabasas CA, San Diego CA, Woodridge IL, Minneapolis, MN and Pleasanton, CA. We also have team members in two company-owned offices in China, as well as in Europe.
Job Overview
PlanetArt is looking for a Senior Application Security Engineer to support the company’s Information Security department. The successful candidate will be an integral part of a developing and expanding Application Security program. The Senior Application Security Engineer is a vital role that helps to provide assurance for PlanetArt’s critical applications and securely enables business functions.We’re looking for a person who is just as passionate about uncovering a security vulnerability as you are about educating developers on how to fix it. Your focus will be on helping to help improve and maintain an Application Security program that can be used as the benchmark for our industry.
PLEASE NOTE: Candidates must be local to or willing to relocate to the Calabasas, CA, San Diego, CA, Woodridge, IL, Minneapolis, MN, or Pleasanton, CA areas, as we operate on a hybrid work model (3 days onsite, 2 remote).
What You’ll DoKey Responsibilities
- Perform security testing on internally developed applications and clearly document findings and recommendations
- Create and maintain security automation and scripting to improve security controls within PlanetArt
- Evaluate, classify, prioritize, and convey findings from SAST, Pen Tests, SCA, BBP, and manual testing to internal development teams
- Help manage our Bug Bounty Program and act as a liaison between external researchers and internal development teams
- Assist in the development of secure code libraries where applicable
- Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks
- Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
- Develop internal processes and suggest improvements for increased security and efficiency
Requirements
What You Should HaveSkills, Qualifications, and Requirements
- 8-12 years’ experience within Cybersecurity with a proven focus on Application Security
- 4-8 years working exposure to code development either through hands on developments, code review, or a combination of the two and 2-4 years specifically in application security
- Hands on experience working in cloud environments, and a firm grasp on cloud architecture
- Must be well organized, thrive in a sense-of-urgency environment, leverage best practices, and most importantly, innovate through any problem with a can-do attitude.
- Must understand various systems technologies, architecture fundamentals, next-generation technology and how security comes into play or is affected
- Proven communication skills, the ability present information clearly and concisely to all levels of management both formally and informally
- Working knowledge of code versioning tools like Git and continuous delivery tools like Jenkins
- Familiarity with OWASP top 10 vulnerabilities, mitigations and their impact on application architecture
- Understand information security concepts, protocols, and industry best practices
- Experience with application security testing including SAST, DAST and SCA
Working Conditions
- Work is performed in an office environment with low to moderate noise levels.
- Occasional lifting of up to 20 pounds.
- Position requires regular, continuous use of computer.
- Position requires regular sitting and standing.
- Position requires regular interaction with team members through the following methods: in-person, phone, WebEx, Slack, or email.
- May require occasional travel.
- This is a hybrid position; employees are expected to be in the office three days per week (Monday, Tuesday, and Thursday) with the option of working remotely two days (Wednesday and Friday).
Benefits
The compensation range for this position is $119,000 - $125,000 annual salary.
PlanetArt offers a comprehensive benefits package, including:
- Health, Dental, and Vision Insurance
- Life Insurance
- 401(k) with matching
- Excellent Work/Life Balance – Paid Time Off, Sick Days, Paid Holidays, and Floating Holidays
- Employee Product Discounts