Senior Application Security Engineer

About The Role & Team

Amplitude’s mission is to be the operating system for digital business. At its core, Amplitude provides a new window into digital customer behavior that helps businesses answer the question: “Where do we place our digital bets to maximize growth?” We approach challenges with humility, we take ownership of our contributions, and our growth mindset pushes us to constantly improve ourselves, each other, and the value we bring to customers and partners.

The Trust and Information Security team is a blend of security engineers and security-focused software engineers working in concert to develop and maintain security best-practices that are incorporated in every stage of the software development process. We continuously advocate and train engineers on trending security issues, assist with third-party security assessments, and manage external traditional as well as crowd-sourced security penetration testing engagements.

We’re looking for a senior application security engineer who is well-accustomed and thrives on working in a fast-paced and fun environment, with a deep understanding of web application security.

As a Sr. Application Security Engineer, you will: 

• Up-level Amplitude’s secure software development controls
• Identify and prioritize potential risks in designs, code, deployed applications
• Enable secure development, identify recurring classes of security problems, find the root cause, and develop generalized solutions. 
• Build and integrate security controls into Amplitude’s agile development processes
• Iterate quickly and make software design decisions on product features.

You'll be a great addition to the team if you have:

• Ability to adapt to engineering priorities without sacrificing security.
• 7+ years of development experience at least half of which is in security engineering.  
• Successfully built tools and processes to reliably identify security issues and logic flaws across large code bases.
• Are an expert in browser security controls, are intimately familiar with the OWASP top ten, and are experienced implementing API application security best practices.
• Have in-depth experience in threat modeling and have development experience in at least two or more languages, including at least one of: JavaScript, Python, or Java. Fluency with one or more JavaScript application frameworks (React/Redux, Angular, Backbone, etc.) is a bonus.
• Enjoy performing application security reviews, are unafraid of threat modeling and consider yourself an expert when it comes to security code reviews and ethical testing. 
• Understand the unique security risks and capabilities with IaaS, PaaS, and SaaS, and are able to communicate security issues to engineers.
• Are experienced in architecting, automating, maintaining, and securing applications hosted on cloud computing platforms, AWS experience is a plus.

Who We Are

The Company: Amplitude is filled with humble, life-long learners who are eager to help one another and the company succeed. Our values of growth mindset, ownership, and humility are core to the way we work: we’re tenacious in the face of challenges, we take the initiative to solve problems that drive our shared success, and we operate from a place of empathy and openness, seeking to understand many points of view. 

We care about the well-being of our team: along with excellent health insurance, we offer flexible time off, a monthly wellness stipend, a 12-week parental leave, and a generous Learning & Development stipend.  And when our offices are open, we offer delicious in-office lunch, dinner, & snacks, and commuting benefits.

The Product: Amplitude is a product intelligence platform– we help companies understand their users, rapidly release better product experiences, and grow their business. We’re super proud of what we’ve built and continue to build on: a platform that enables companies to thrive. 

Amplitude powers digital upstarts like Calm and Peloton and technology leaders like Microsoft and Paypal, but also 100+ year old companies like Ford, as they rethink their digital revenue strategy.

Other fun facts about Amplitude: 

• Amplitude is a tech startup to bet your career on in 2021, according to Business Insider.
• Amplitude had a record year of growth in 2020 and grew employee headcount by 24%.
• Amplitude is one of the best software products on the market according to G2.
• Founded in 2012, Amplitude is backed by Sequoia Capital, GIC, IVP, Battery Ventures, Benchmark Capital, Y Combinator and other top tier investors.
• We recently raised our Series F funding ($150M) led by Sequoia Capital, and crossed into the 4 x Unicorn status with a valuation of $4BN.
• More than 1,200 customers, including 26 of the Fortune 100.
• We have offices in San Francisco (HQ), New York, Amsterdam, London, Paris, and Singapore. 
• Our mascot is the datamonster, who loves to chow down on all your numbers, charts, and graphs. Nom nom.

Amplitude provides equal employment opportunities (EEO). All applicants are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.

Amplitude’s D&I Commitment: Amplitude believes that diversity enables creation of better products, ability to solve complex problems, and drive more powerful solutions. In order to make diversity possible, we commit to striving to create an environment of inclusion: an environment focused on psychological safety, empathy, and human connection, which will allow employees of all backgrounds to feel the care they need to thrive.

#LI-ME1