Featured: Senior Application Security Engineer at SpotHero

Location: Chicago

Job Type: Full-Time


Who We Are:

At SpotHero, we work as a team to empower people to get everywhere, easier! We’re rapidly growing with the mission of bringing the parking industry into the future through technology. Drivers across the nation use the SpotHero mobile app or website to reserve convenient, affordable parking in advance, on-the-go or through their connected cars, and parking companies rely on us to help them reach new customers while optimizing their business. We connect the dots with cutting-edge technology, delivering value to both sides of this exciting, evolving marketplace.

Senior Application Security Engineer @ SpotHero:

The Senior Application Security Engineer will be helping to build the Application Security function at SpotHero. They will work closely with development teams, engineering and product managers, and third-party groups (including the paid bug bounty program and security auditors) to identify and remediate security vulnerabilities in SpotHero’s products and practices. You like digging deep in infrastructure and code to find and fix the root cause of security vulnerabilities. You enjoy working with engineers of all disciplines and technology stacks both to achieve your goals and to educate others. You’ll be contributing to projects that are highly visible to our executive team.

Key Responsibilities (What will you do?)

Support and consult with product and development teams around secure development of applications and features.
Research, verify, and assist in remediating reported security vulnerabilities.
Perform threat modeling and security-focused code reviews.
Deploy and maintain code scanning tools used for testing code for applications and infrastructure.
Lead the security champions program and educate software developers on common vulnerabilities and measures they can take to prevent them in their applications.
Assist in responding to security incidents.

Systems/Tools: SpotHero uses a broad range of systems and tools but you do not need to be an expert in all of them.

IDEs, debuggers, open-source tools, Burp Suite
Static and dynamic analysis tools such as Snyk or Semgrep
Python/Django, Go, and/or Kotlin
Amazon Web Services (AWS)
Kubernetes, SumoLogic, Terraform
Confluence, Jira, Google GSuite

Knowledgeable in web/backend application security, with some understanding of mobile.
Ability to manage and prioritize projects and drive them to completion.
Proficient in developing and debugging in at least one programming language (Python, Go, Kotlin, etc.).
Experience performing threat modeling or performing web/mobile application penetration testing.
Experience communicating with and educating engineering teams on security vulnerabilities.
Familiarity with setting up and using static and dynamic code analysis, container auditing tools, or other tools incorporated in the software development lifecycle.
Familiarity with cloud security controls and best practices. Experience with Amazon Web Services (AWS) is preferred but not required.
Nice to have: OSCP, Certified Secure Software Lifecycle Professional (CSSLP), and/or equivalent certifications.

Company Website:

Job Posted by: Maria Luna

How To Apply:

Link to Apply: