We’re thrilled to announce Handshake’s $80M Series E funding round. From the start, we’ve made it our mission to break down barriers and create equitable access to great jobs. We’re expanding our mission to build a platform students love, that helps early talent of all backgrounds receive access to opportunities – no matter who they know or where they go to school. 

Handshake is the largest early career network, helping millions of students from all backgrounds get hired and launch their careers with no connections, experience, or luck required. The Handshake community includes 18 million students and young alumni (9 million active students & alumni) from 1,400 educational institutions including four-year colleges, community colleges, boot camps, and 290+ minority-serving institutions. We connect up-and-coming talent across all 50 states with 600,000+ employers recruiting on Handshake - from every Fortune 500 company to thousands of small businesses, nonprofits, startups, and more. Handshake is headquartered in San Francisco with offices in Denver, New York, and London.

Everyone is welcome at Handshake. We know diverse teams build better products and we are committed to creating an inclusive culture built on a foundation of respect for all individuals. We strongly encourage candidates from non-traditional backgrounds, historically marginalized or underrepresented groups to apply.

If you are not sure that you’re 100% qualified, but up for the challenge – we want you to apply. We believe skills are transferable and passion for our mission goes a long way.

Want to learn more about what it's like to work at Handshake? Check out these interviews from our team members!

What does a Senior Application Security Engineer do at Handshake?

Handshake is building a diverse team of dynamic engineers who value creating a high quality, high impact product. We are looking for a Senior Application Security Engineer who will be responsible for taking ownership of application security initiatives such as defining security requirements and policies, reviewing testing and deployment standards, and asset and vulnerability management. You'll be working with the Infrastructure team whose goal is to build a secure, reliable platform for our engineers. 

Your Role:

• Build out the application security strategy within Handshake, laying the foundation for future proofing the product. This will include bringing in new or enhancing existing processes (e.g. SDLC, SLAs) and tooling (e.g. SAST, DAST)
• Conduct penetration testing against native mobile applications and web services.
• Validate internal, external and crowd-sourced application security findings and articulate them to Handshake engineering teams.
• Participate in documenting Handshake engineering architecture and performing threat modeling for white-box assessment activities.
• Think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
• Serve as a subject matter expert for secure coding practices, penetration testing, mobile platform security, and all aspects of application and product security.
• Perform any other application security or product security related activities or tasks as needed.
• Partner with engineering and product leaders across the company to help them prioritize security issues in their products and balance business goals.

Your Experience:

• You prefer taking projects from inception to completion and are outcome oriented.
• You act with empathy when partnering with fellow engineers and coworkers.
• You have experience working in distributed, performant, at-scale backend systems.
• You are able to think both offensively (like a hacker) and defensively (evaluating product security and security architecture).
• You have 5+ years of experience with OWASP, static/dynamic analysis, and common security tools.
• You have a deep understanding of web application architecture.
• You have experience with application security tools (static code analysis, dynamic scanning, WAF, etc.).
• You have experience performing proactive research to detect new attack vectors.
• A pen-test certification such as Offensive Security Certified Professional (OSCP) or Certified Ethical Hacker (CEH), OSWE, OSCE, GPEN, GMOB, GWAPT, GXPN.

Technologies you'll work with:

• Kubernetes, Terraform, GCP, AWS
• PostgreSQL, Redis, Pub/Sub, Elasticsearch
• Ruby on Rails, Golang

Benefits:

• Stock: Ownership in a fast-growing company.
• 401k: We care about your ability to save for your future.
• Family Focus: Parental leave and flexibility for families.
• Time Off: Flexible vacation policy to encourage people to get out and see the world.
• Healthcare: World-class medical, dental, and vision policies.
• Goodies: Whatever hardware and software you need to get the job done.
• Team Fun: Regularly scheduled events, sports, game nights, book clubs.
• Learning: Learning & Development opportunities for you to grow your skills and career.
• Great team: Working with fun, hardworking, nice people who are committed to making a difference!
• ...And much more!