BetterHelp is on a mission to make mental health care more accessible to everyone. As a Senior Security Engineer on the Applications Team, you will help build the maturity of the Application Security Team, focusing on identifying vulnerabilities, conducting code reviews, and collaborating with development teams to enhance security practices.
Responsibilities:
- Work with a nimble, passionate security team, collaborating with development and product
- Conduct vulnerability triage: handle internal and external vulnerability reports and, more importantly, go beyond investigating and write fixes yourself
- Review code and help make secure coding decisions
- Review new product features to ensure they are designed with security in mind
- Collaborate with other developers and teams for long-term security success
- Code solutions for preventative measures and generating alerts
- Use your detective work to get to the AH-HA! moment when you find and replicate the root cause of an issue and figure out how to fix it
- You will care about and be involved in our product, mission, and success - way beyond checking off tasks
Requirements:
- 5+ years of experience in web application security
- Strong experience with code review, security reviews, security architecture, pentesting, and bug bounty programs
- Experience working in full-stack projects
- Experience with discovering and fixing common web security vulnerabilities
- Experience using web application pentesting tools (e.g. Burp Suite)
- Basic understanding of networking concepts (DNS, TCP/IP, VPNs)
- Able to explain complex ideas either verbally or in writing to a mixture of audiences
- Knowledge and understanding of the OWASP Top 10
- Experience creating security automations with GitHub Actions or other methods
- Experience coding in PHP and working with React/Next.js
- Experience with scripting, regex, and writing Bash scripts
- Experience with applications deployed in AWS & Kubernetes
- Awareness of AI and LLMs, and how they are used in consumer products
- Experience using AI and LLMs in security research
- Experience with threat modeling