Figure is transforming capital markets through blockchain and is seeking an Application Security Engineer to enhance the security of their software. The role involves architecting security solutions, integrating security into development processes, and leading initiatives to improve security posture.
Responsibilities:
- Architect, design, and implement end-to-end security solutions, including firewalls, intrusion detection, encryption protocols, security event management, and cloud security controls
- Collaborate with DevOps to integrate security into CI/CD pipelines, ensuring automation and repeatability of secure deployments
- Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations
- Lead cross-team initiatives that significantly improve our security posture while balancing speed and innovation
- Mentor engineers on security best practices and build a culture of security by design
- Actively participate in incident response, on-call rotations, and post-incident reviews to continuously improve defenses
- Improve and run Figure's vulnerability management program including triage, prioritization, tracking remediation, and reporting on risk reduction over time
- Collaborate with DevOps to integrate security gates at various points throughout the software development lifecycle, ensuring automation and repeatability of secure deployments
- Manage third-party penetration tests, including scoping, vendor coordination, and tracking remediation of findings
- Automate sources of toil, such as routine patching or dependency upgrades
- Conduct threat modeling and security reviews for new features and services, partnering with engineering teams early in the design process
- Conduct regular security assessments, threat modeling, and architecture reviews to identify risks and design mitigations
- Lead cross-team initiatives that significantly improve our security posture while balancing speed and innovation
- Actively participate in incident response, on-call rotations, and post-incident reviews to continuously improve defenses
- Adhere to all company security policies and data handling procedures
- Complete mandatory security awareness training within required timeframes
- Promptly report any suspected security incidents or suspicious activity to the Security team
Requirements:
- Strong background in reading and writing code
- Experience in architecting, designing, and implementing end-to-end security solutions, including firewalls, intrusion detection, encryption protocols, security event management, and cloud security controls
- Experience collaborating with DevOps to integrate security into CI/CD pipelines
- Experience conducting regular security assessments, threat modeling, and architecture reviews
- Experience leading cross-team initiatives to improve security posture
- Experience mentoring engineers on security best practices
- Experience participating in incident response, on-call rotations, and post-incident reviews
- Experience managing third-party penetration tests, including scoping, vendor coordination, and tracking remediation of findings
- Experience automating sources of toil, such as routine patching or dependency upgrades
- Experience conducting threat modeling and security reviews for new features and services
- Adherence to all company security policies and data handling procedures
- Completion of mandatory security awareness training within required timeframes
- Prompt reporting of any suspected security incidents or suspicious activity to the Security team