Senior Application Security Engineer

Helix   •  

San Carlos, CA

5 - 7 years

Posted 240 days ago

This job is no longer available.

Helix’s engineering culture emphasizes:

  • Curiosity - we are all passionate about the possibilities enabled by having access to your own genome
  • Responsibility - we have an obligation to people and our partners to operate with highly credible research guided by well-respected advisors, with clear and effective communication about our products
  • Agility - flexibility and a desire to be nimble, smart, and effective are important to the Helix culture
  • Experience - we’re building a team with amazing track records of achievement in multidisciplinary environment

As an Application Security Engineer, you will:

  • Perform assessment of Helix applications to identify and prioritize risks, driving prioritization and remediation across engineering and science teams
  • Be the expert on vulnerabilities and attack vectors that have the potential to impact Helix’s platform, our partners, and our users
  • Perform security code reviews, application vulnerability testing, and penetration testing, and train engineering team on best practices in application security
  • Identify and implement products and tools to ensure security of our applications, collaborating with engineering, operations, and IT to harden our environment
  • Keep current with latest security developments and leverage your information security experience in the new field of bioinformatics and big data genetics infrastructure

Required background:

  • A passion for improving people’s lives through access to better information about their DNA
  • 5+ years experience in information security including web application assessment, penetration testing, and vulnerability research
  • Have a hacker mindset, curious to break and tinker with technology
  • Very strong logic and problem-solving skills
  • Very familiar with web application security (OWASP, XSS, SQLi, Top 10, etc.) and authentication protocols like OAuth, SAML, LDAP, AD, etc.
  • Understanding of browser security model, mobile security, network security, and cryptography
  • Very experienced with source code reviews, code analysis tools
  • Demonstrated proficiency in JavaScript, Python, Perl, as well as programming experience with Java, C, C++
  • Familiar with threat models for large, distributed systems and cloud-based infrastructure (AWS, Google Cloud, or Azure)
  • Excellent communication skills to document and explain security vulnerabilities and technical risks to a technical audience
  • Diverse domain expertise such as e-commerce, financial, wireless, and healthcare security implementations and techniques
  • Affinity for an engineering culture that emphasizes Agile, DevOps, and continuous delivery
  • BS+ in Computer Science or equivalent experience required; coursework in cryptography, genetics/bioinformatics a plus