VALR is hiring a Fully Remote Application Security Engineer

Purpose of the job:

As an Application Security Engineer at VALR, your primary purpose is to fortify our Java/Kotlin, Node.js, and React Native applications against potential security risks. You will ensure the robustness of our platform and safeguard our users' sensitive information. You will collaborate closely with developers, product managers, and security operations to embed security measures into every stage of the development lifecycle.

You'll be the go-to person for all things related to securing our applications. Your role isn't just about spotting and fixing bugs; it's about taking a holistic view of our security landscape and refining how we build our software to make it safer. You'll lead the charge, embedding security into the fabric of our development process and ensuring our team is empowered to build security into our products from the ground up.

While you will lead the application security domain, you'll also draw on the collective knowledge and effort of the team, blending individual responsibility with shared goals. We're building a strong security program, and your role in app sec is crucial, requiring a balance of independent action and collaborative spirit. We're looking for someone who is energised and slightly terrified by the responsibility of securing a growing crypto exchange.

What will you be doing:

The following is an overview of the distinct parts of our application security program. You will be expected to familiarise yourself with our current setup and then thoughtfully adapt and enhance these areas, drawing on your expertise and understanding of our environment.

* Penetration Testing: Perform detailed security evaluations of applications developed in Java/Kotlin, Node.js, and React Native. This includes static code analysis, dynamic application security testing (DAST), and hands-on penetration testing to uncover vulnerabilities.
* DevOps and Security Automation: Oversee the automated scanning processes, ensuring they are executed correctly and are continuously improved to meet evolving security needs.
* Knowledge Sharing: Work closely with the development teams to embed security practices within their workflows, assisting in the timely resolution of security issues.
* Threat Modeling: Analyse and anticipate potential threats to system security, developing strategies to mitigate these risks effectively.
* Secure Code Review: Examine and rectify security weaknesses in code while educating developers on best practices in secure coding.
* Security Integration and Standardization: Tailor and enforce security protocols and standards, aligning them with the specific needs of our development lifecycle.
* Cybersecurity Awareness: Stay abreast of the latest trends and threats in application security through platforms like Twitter, and refine our security strategies proactively.
* Continuous Learning and Development: Enhance our security posture by creating new tools, processes, and methods, contributing to the advancement of our overall security framework.
* Effective Communication: Produce clear and concise output detailing security assessments and recommendations, facilitating understanding and action. This includes keeping internal vulnerability trackers updated and clearly explaining findings to technical audiences.

What we look for in you

Hard skills don't matter as much as passion and willingness to learn. However, as this isn't a junior position, we are expecting a base level of proficiency in specific skills directly related to the job:

* At least three (3) years of experience in an Application Security Engineer position or a comparable role, demonstrating a track record of practical security expertise and successful vulnerability management.
* Proficient in performing penetration testing to identify and rectify vulnerabilities.
* A solid understanding of web and mobile application security principles and best practices, including knowledge of common threats and methods to mitigate them effectively.
* Experience configuring and operating automated security tools (SAST, DAST, etc).
* Humility and pragmatism when dealing with internal teams.

What can you expect from VALR:

* Competitive salary: Get paid well to work in an exciting industry.
* Leave: Compliance with statutory leave required by individual countries, in addition to flexible leave.
* Remote work: Work from wherever you like. Employees must ensure that there is secure, stable internet connectivity to work effectively remotely.
* Home office setup: Mac laptop and a discretionary allowance to buy all the extras needed to work happily from home - all of it yours to keep after 3 years. Terms and Conditions will apply.
* Learning fund: An annual upskilling budget of R16,000 per employee, which will be converted to the respective currency of the employee's payment, in addition to scheduled VALR training.
* Performance bonus: When you contribute to VALR's success, you'll be rewarded with discretionary bonuses.
* Regular get-togethers outside of work.
* Annual company retreats.

#Salary and compensation
No salary data was published by the company, so we estimated the salary based on similar jobs related to Crypto, React, Testing, Mobile, Junior and Engineer:

$55,000 — $110,000/year

#Benefits

* 401(k)
* Distributed team
* Async
* Vision insurance
* Dental insurance
* Medical insurance
* Unlimited vacation
* Paid time off
* 4 day workweek
* 401k matching
* Company retreats
* Coworking budget
* Learning budget
* Free gym membership
* Mental wellness budget
* Home office budget
* Pay in crypto
* Pseudonymous
* Profit sharing
* Equity compensation
* No whiteboard interview
* No monitoring system
* No politics at work
* We hire old (and young)

#Location

Remote Worldwide