Application Security Engineer

2 Applied
Job Description

About the Tech Team
The engineering team at Drip Capital is responsible for building and maintaining the online global trade financing platform that supports the interactions between buyers, sellers, financing partners, insurance agents, global retail partners, trade agents, shipping & transportation companies, supply chain and warehousing companies worldwide.
Our primary goal is to ensure that customers are provided time-critical capital and at the same time balance requirements related to risk, fraud management, and compliance. The services are accessed by customers worldwide and hence the engineering systems need to be policy-driven, easily reconfigurable, and able to handle multiple regional languages. We use machine learning for risk classifications/predictions, intelligent document parsing subsystems, robotic process automation, REST APIs to connect our microservices, and a cloud-based data lake and warehouse for data storage and analysis.
Our team comprises talent from top-tier institutions including Wharton, Stanford, and IITs with years of experience at companies like Google, Amazon, Standard Chartered, Blackrock, and Yahoo. We are backed by leading Silicon Valley investors - Sequoia, Wing, Accel, and Y Combinator. We are a global company headquartered in Silicon Valley along with offices in India and Mexico.
Your Role
As anAppSec Engineer in Drip Capital's engineering team, you will have the opportunity to take ownership of :

  • Contribute to and improve secure SDLC practice
  • Design architecture, methods, and controls required to meet security, compliance, and audit requirements.
  • Designing and implementing cloud and network security solutions.
  • Do comprehensive threat modelling for our applications and infrastructure in an Agile flow
  • Perform secure code review and security assessments of web, android and iOS applications, and cloud infrastructure (infrastructure as code).
  • Proactively identify vulnerabilities across our platform and work with developers in fixing them.
  • Automate and simplify security, as Complexity is the enemy of Security.
  • Handle Vulnerability Management and Patch Management processes.
  • Participate in the investigation related to Privacy/Security incidents and response activities.
  • Work with DevOps to implement the security tools and automation of the security tasks.
  • Mentor other engineers and evangelize security practices through cross-functional work with DevOps and engineering teams.
  • Testing the deployed security solutions to make sure they function as planned.

Our Checklist
  • A minimum of 4 years of experience as an AppSec Engineer
  • Hands-on experience in secure design and architecture review of backend services, payments systems like payment gateways.
  • Hands-on experience in secure code review and automation of common security workflows.
  • Hands-on experience and a proven record of securing one or more of the cloud platforms: Azure, GCP, AWS and Hosted Cloud Solutions.
  • Good understanding of OWASP and SANS testing methodologies.
  • Good understanding of software security weaknesses and vulnerabilities.
  • Good knowledge in securing architecture of web, mobile applications and cloud infrastructure.
  • Ability to contribute as an individual and as part of a team
  • Working knowledge of any scripting language Python or Go preferred
  • Experience in writing custom tools/scanners/extenders is a plus
  • Red teaming experience is a plus

If you love to explore the security aspects of a distributed system that makes decisions related to global trade finance, let's talk!