Staff Application Security Engineer

<div class="content-intro"><p>At Braze, we have found our people. We’re a genuinely approachable, exceptionally kind, and intensely passionate crew.</p> <p>We seek to ignite that passion by setting high standards, championing teamwork, and creating work-life harmony as we collectively navigate rapid growth on a global scale while striving for greater equity and opportunity – inside and outside our organization.</p> <p>To flourish here, you must be prepared to set a high bar for yourself and those around you. There is always a way to contribute: Acting with autonomy, having accountability and being open to new perspectives are essential to our continued success.</p> <p>Our deep curiosity to learn and our eagerness to share diverse passions with others gives us balance and injects a one-of-a-kind vibrancy into our culture.</p> <p>If you are driven to solve exhilarating challenges and have a bias toward action in the face of change, you will be empowered to make a real impact here, with a sharp and passionate team at your back. If Braze sounds like a place where you can thrive, we can’t wait to meet you.</p></div><p><strong>WHAT YOU'LL DO</strong></p> <p>Braze is seeking a Staff Application Security engineer to join our team. Braze is a modern, cloud-first, SaaS application company with no classical “legacy” systems. We are seeking a Staff Application Security engineer to work with our existing Application Security team to better protect our production applications and their related application infrastructure, as well as provide expert level guidance to development teams around secure architecture for their systems.</p> <p>You are a person who is comfortable with, and excels in an environment where you are the sole point of technical escalation for complex, large scale software security projects. You are able to effectively, accurately, and holistically identify security issues in application architecture, in code, and in application running states.</p> <p>You are an expert at communicating security requirements to developers, technical teams, and non-technical parties. You have developed your tone of delivery for all categories of recipients and have a track record of ensuring mutual understanding for your security implementation requests and assessment of risk. You have a deep understanding of SaaS software development lifecycles. You have strong, pre-formed opinions on how to ensure security in the development cycle while simultaneously creating a condition where technical teams are not burdened by controls. You have experience in both successes and failures in implementation of security controls in both the development cycle and post-production environments, and can articulate implementation importance and reasoning to both high-level engineers, academics, and management.</p> <p>You are able to handle complex security incidents and escalations as a technical incident commander, and make determinations quickly, accurately, and with a cool head. You have experience with medium to large scale incident response and can process several simultaneous technical and administrative inputs while consistently working towards clear goals for remediation and containment. You are familiar with not only garden variety attack patterns, but have studied and understand TTP’s of advanced threat actors and can visually pattern match data points in order to make accurate predictions about unknowns during incidents.</p> <p><strong>WHO YOU ARE</strong></p> <p>An good candidate will have:</p> <ul> <li>10+ years of experience securing an application at a company at an IC level or higher</li> <li>Demonstrable experience in consistently locating novel security vulnerabilities in web software</li> <li>5+ years experience conducting penetration tests both as a single tester and on a team</li> <li>5+ years of experience in application incident response</li> <li>Experience with active testing against AI/LLM integrated web applications and APIs</li> <li>Expe ... (truncated, view full listing at source)