Staff Application Security Engineer

Meet Upside:

We created Upside to transform brick-and-mortar commerce. Our technology uses the sophistication of online retailprofit measurement attribution and incrementalityto provide users with more value on their everyday purchases and brick-and-mortar businesses with new profitable customers. Weve helped millions of users earn 2 to 3 times more cashback than any other product and hundreds of thousands of brick-and-mortar businesses earn measurable profit. Billions of dollars in commerce run through the Upside platform every year and that value goes directly back to our retailer partners the consumers they serve and important sustainability initiatives.

The Impact Youll Make:

Youll report into the Director Information Security and build relationships with technology stakeholders. Youll leverage your knowledge of secure code practices and payment systems to identify and remediate application vulnerabilities. This individual contributor role will innovate for our AppSec team increase our AppSec posture and enable our engineers to code safely.

• Innovate with AI and deliver security solutions to mitigate application vulnerabilities

• Run security code tests (SAST SCA) and partner with engineers to remediate unsafe code

• Create threat models and engage technology teams to review and document risks

• Guide leadership on security architecture design and best AppSec practices

• Train and upskill engineers on safe coding and vulnerability management

• Assist penetration testing initiatives and/or help manage bug bounties

• Support administration of AWS Control Tower and IAM provisioning

• Interact with the security community and keep aware of trends

What You Should Have:

• 6 years of application or product security inclusive of reviewing Python code

• Experience with innovating and delivering solutions related to vulnerability management

• Deep knowledge of AWS and Lambda security architecture and AWS Control Tower

• Strong understanding and adoption of AI technologies

• Bachelors degree in Computer Science or Engineering highly preferred

• Exceptional customer service and people skills

Tools We Use:

• Github Suite (Advanced Security Actions Copilot)

• Python

• Terraform

• AWS Lambda DynamoDB S3 SNS SQS IAM VPCs

• ChatGPT

• Snowflake

• SQL
  

Location:

This role offers location flexibility however if youre based in the Washington D.C. Austin Chicago or NYC metropolitan regions in-office attendance is required on a hybrid basis.

Compensation:

The US base salary range for this full-time position is $210000 - $230000 equity benefits. The final starting pay will be determined based on job-related skills experience qualifications work location and market conditions. Your recruiter can share more about the specific salary range during the hiring process.

#LI-Hybrid

#LI-NE1

Benefits:

• Medical dental and vision coverage starting on Day 1

• Equity (ISOs)

• 401(k) program

• Family planning programs paid parental leave

• Physical fitness and wellness memberships

• Emotional and mental health support programs

• Unlimited PTO 10 paid federal holidays our annual week-long Winter Break

• Flexible work environment

• Lunch reimbursement for in-office employees

• Employee Resource Groups

• Learning and Development stipend

• Transparent culture

• Amazing mission!

Diversity and Inclusion:

Diversity drives innovation and our differences make us stronger. Were passionate about building a workplace that represents a variety of backgrounds skills and perspectives and we do not discriminate based on race religion color national origin gender sexual orientation age marital status veteran status or disability status. Everyone is welcome here!

If theres anything we can do to support a disability or special need during your application or interview process please email

This email is for accessibility accommodations only it should not be used to submit job applications.

Notice To Recruiters And Placement Agencies:

This is an in-house search with a dedicated recruiter. Please do not submit resumes to any person or email address at Upside. Upside is not liable for and will not pay placement fees for candidates submitted by any party or agency other than its approved recruitment partners.

Required Experience:

Staff IC