As an Application Security Engineer you will help us to develop our applications so that they are free of security vulnerabilities and you will also help us to operate our production systems in a secure fashion.

Your job will focus on our applications security, customer data safety, and defending our systems from would-be attackers. You will be analyzing complex systems for security problems and advise on how to improve the system. AppFolio is a big believer in automation, and an important part of the job is to develop tools for automatically detecting vulnerabilities.

Success in this role requires a very strong understanding of security, and a passion for designing secure systems. You need to have advanced security, application, and system troubleshooting and development skills. The Application Security Engineer works as a first responder and is ultimately responsible for the security of AppFolio's systems.

Responsibilities:

Perform manual and/or automated secure code reviews

Perform dynamic security assessments of our production systems

Participate in security incident responses

Develop tools for automatic security testing

Advocate secure development practices to our development teams

Knowledge and Skills:

Ruby on Rails security

Experience with penetration testing

Strong familiarity with automated or manual code reviews

Experience developing security testing tools

Very comfortable with Linux

Working knowledge of the OWASP top 10 security risks and remediation approaches

Detailed technical knowledge in security engineering, system and network security, authentication and security protocols, applied cryptography, security exploit development, security vulnerabilities and remediation techniques

Enthusiasm for tackling complex problems

Desire to teach secure coding practices to developers

Ability to work cross-functionally in a dynamic environment

Ability to follow through on tasks until completed

High degree of flexibility

BS, MS or Ph.D in Computer Science or related fields