Job details
![Newsletter form background]()
Senior Application Security Engineer
Treasure Data:
At Treasure Data, we’re on a mission to radically simplify how companies use data to create connected customer experiences. Our sophisticated cloud-based customer data platform drives operational efficiency across the enterprise to deliver powerful business outcomes in a way that’s safe, flexible, and secure. We’re proud to be InfoWorld’s 2022 “Technology of the Year” Award winner and trusted by leading companies around the world, spanning the Fortune 500 and Global 2000 enterprises.
Treasure Data employees are enthusiastic, data-driven, and customer-obsessed. We are a team of drivers—self-starters who take initiative, anticipate needs, and proactively jump in to solve problems. Our actions reflect our values of honesty, reliability, openness, and humility. We offer a competitive salary and benefits and were named one of the “50 Best Workplaces of the Year 2022” as well as the national ranking as one of the “Best and Brightest Companies to work For. ”
About the Role:
Treasure Data began by offering data warehousing and processing services, since then we’ve moved further up the value chain with our Customer Data Platform application (CDP), which is seeing a lot of traction with customers new and old. Moreover, CDP is the fastest growing offering we have and is front and center in most major initiatives across the company.
We’re looking for an experienced Senior Application Security Engineer as part of our Security Architecture component of our IT & Security Team who is excited to change how we practice and deliver a secure and compliant customer data platform hosted in Amazon Web Services (AWS). Our IT & Security charter is to influence and work alongside engineers across the company and with strategic partners to build and grow their cloud products and services.
Do you have a passion for Application Security? Do you get excited about protecting Treasure Data by setting the security direction and guidance for securing our software supply chain? This is your opportunity to be a leader in protecting Treasure Data services that enable our business and support our customers against current and future threats.
At Treasure Data, we put a great deal of emphasis on collaboration and maintaining an open work environment, regardless of location. We believe employees should not just work but enjoy doing it - appreciating and valuing working alongside your co-workers goes a long way towards that goal and we strongly believe in ensuring that’s always the case.
If this sounds like the kind of opportunity you’ve been looking for, then we’re going to need your resume of course, but more importantly include a short note giving us a sense of why you think you are absolutely the right person for this job and how you are going to meet and exceed the objectives outlined below.
Responsibilities & Duties:
Build relationships and partner with Product and Engineering Development Teams to formulate and implement a strategy for software security that is tailored to the specific risks faced by the product and its targeted consumers.
Conduct application security assessments and aggregate threat intelligence regularly to identify attack vectors against Treasure Data's products and services. Mitigate risk by updating the protection mechanism and developing appropriate detections via appropriate tools to facilitate effective incident response processes.
Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
Coordinate or conduct application penetration testing and drive remediation efforts to completion.
Identify, develop, and integrate security testing tools, including but not limited to SAST, DAST, into continuous integration and continuous development framework.
Provide operational and executive-level reporting based on agreed-upon metrics that demonstrate program performance progression and material-impacting risk reduction.
Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
Provide recommendations on security requirements to be included in product design and security testing.
Interact directly with the security community regarding vulnerabilities and threats.
Develop an application security awareness and training curriculum in collaboration with Engineering Organization.
If you can see the following as opportunities rather than risks, then this is the role for you. We will provide you with the opportunity to grow and support you in this role.
There are many opportunities for you to make impacts on Treasure Data, because Treasure Data is still a small organization, the systems and processes are not yet set in stone and our business environment has been changing continuously.
Security Architecture work follows a Kanban style. We attempt to maintain a sustainable pace of work and watch out for each other’s workload. This is a marathon, not a sprint.
You are expected to come up with different solutions to meet each stage of a growing organization. Tooling is not always the answer, likewise understanding when to build versus when to buy is an important feature of this role.
There is a lot of communication with your colleagues in other countries on a daily basis.
Our organization loves diversity, spanning geographies, time zones, cultures, and languages. We need to produce documentation and diagrams that are clearly understood by everyone.
Ability to clearly and concisely respond to customers is a must.
Must be process oriented and have the ability to transform ambiguity into repeatable and predictable results.
Must strike a reasonable balance between security, usability and practicality.
Must be biased to action, favor automation and have a keen eye for continual improvement.
This role covers large work and geographical area.
Required Qualifications:
BS degree in Computer Information Systems or related field.
Expertise in software development with elements of security is required.
Experience working with public Cloud environments is required.
Knowledge of OWASP Top 10 and CWE Top 25 Framework.
Experience writing and building software solutions using common programming languages like Java, Python, Ruby, JavaScript, Go, etc.
Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens.
Possess a desire to conduct internal penetration testing to secure systems or use as training materials to help others learn.
Prior experience producing concise and quality technical documentation and reports.
Ability to break down work into tasks and maintain these tasks into an organized, sustainable set of goals.
Excellent communication and presentation skills, and experience presenting to management.
Perks and Benefits (US):
Our benefit package showcases our culture of care and empathy with
Comprehensive medical, dental, vision plans and Employee Assistance Program (EAP)
Competitive compensation packages
Company paid life insurance 3x salary
Company paid short- and long-term disability coverage
Retirement planning (401K) with company match
Restricted Stock Units (RSU)
Paid vacation and sick time
Paid volunteer and mental health days
Up to 26 weeks paid parental leave
16 Company holidays (includes 2 floating holidays)
Our Dedication to You:
We value and promote diversity, equity, inclusion, and belonging in all aspects of our business and at all levels. Success comes from acknowledging, welcoming, and incorporating diverse perspectives.
Diverse representation alone is not the desired outcome. We also strive to create an inclusive culture that encourages growth, ownership of your role, and achieving innovation in new and unique ways. Your voice will be heard, and we will help amplify it.
Agencies and Recruiters:
We cannot consider your candidate(s) without a contract in place. Any resumes received without having an active agreement will be considered gratis referrals to us. Thank you for your understanding and cooperation!
At Treasure Data, we’re on a mission to radically simplify how companies use data to create connected customer experiences. Our sophisticated cloud-based customer data platform drives operational efficiency across the enterprise to deliver powerful business outcomes in a way that’s safe, flexible, and secure. We’re proud to be InfoWorld’s 2022 “Technology of the Year” Award winner and trusted by leading companies around the world, spanning the Fortune 500 and Global 2000 enterprises.
Treasure Data employees are enthusiastic, data-driven, and customer-obsessed. We are a team of drivers—self-starters who take initiative, anticipate needs, and proactively jump in to solve problems. Our actions reflect our values of honesty, reliability, openness, and humility. We offer a competitive salary and benefits and were named one of the “50 Best Workplaces of the Year 2022” as well as the national ranking as one of the “Best and Brightest Companies to work For. ”
About the Role:
Treasure Data began by offering data warehousing and processing services, since then we’ve moved further up the value chain with our Customer Data Platform application (CDP), which is seeing a lot of traction with customers new and old. Moreover, CDP is the fastest growing offering we have and is front and center in most major initiatives across the company.
We’re looking for an experienced Senior Application Security Engineer as part of our Security Architecture component of our IT & Security Team who is excited to change how we practice and deliver a secure and compliant customer data platform hosted in Amazon Web Services (AWS). Our IT & Security charter is to influence and work alongside engineers across the company and with strategic partners to build and grow their cloud products and services.
Do you have a passion for Application Security? Do you get excited about protecting Treasure Data by setting the security direction and guidance for securing our software supply chain? This is your opportunity to be a leader in protecting Treasure Data services that enable our business and support our customers against current and future threats.
At Treasure Data, we put a great deal of emphasis on collaboration and maintaining an open work environment, regardless of location. We believe employees should not just work but enjoy doing it - appreciating and valuing working alongside your co-workers goes a long way towards that goal and we strongly believe in ensuring that’s always the case.
If this sounds like the kind of opportunity you’ve been looking for, then we’re going to need your resume of course, but more importantly include a short note giving us a sense of why you think you are absolutely the right person for this job and how you are going to meet and exceed the objectives outlined below.
Responsibilities & Duties:
Build relationships and partner with Product and Engineering Development Teams to formulate and implement a strategy for software security that is tailored to the specific risks faced by the product and its targeted consumers.
Conduct application security assessments and aggregate threat intelligence regularly to identify attack vectors against Treasure Data's products and services. Mitigate risk by updating the protection mechanism and developing appropriate detections via appropriate tools to facilitate effective incident response processes.
Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
Coordinate or conduct application penetration testing and drive remediation efforts to completion.
Identify, develop, and integrate security testing tools, including but not limited to SAST, DAST, into continuous integration and continuous development framework.
Provide operational and executive-level reporting based on agreed-upon metrics that demonstrate program performance progression and material-impacting risk reduction.
Assess risk arising from third-parties, vendors and partners in our ecosystem and design controls to mitigate such risks
Provide recommendations on security requirements to be included in product design and security testing.
Interact directly with the security community regarding vulnerabilities and threats.
Develop an application security awareness and training curriculum in collaboration with Engineering Organization.
If you can see the following as opportunities rather than risks, then this is the role for you. We will provide you with the opportunity to grow and support you in this role.
There are many opportunities for you to make impacts on Treasure Data, because Treasure Data is still a small organization, the systems and processes are not yet set in stone and our business environment has been changing continuously.
Security Architecture work follows a Kanban style. We attempt to maintain a sustainable pace of work and watch out for each other’s workload. This is a marathon, not a sprint.
You are expected to come up with different solutions to meet each stage of a growing organization. Tooling is not always the answer, likewise understanding when to build versus when to buy is an important feature of this role.
There is a lot of communication with your colleagues in other countries on a daily basis.
Our organization loves diversity, spanning geographies, time zones, cultures, and languages. We need to produce documentation and diagrams that are clearly understood by everyone.
Ability to clearly and concisely respond to customers is a must.
Must be process oriented and have the ability to transform ambiguity into repeatable and predictable results.
Must strike a reasonable balance between security, usability and practicality.
Must be biased to action, favor automation and have a keen eye for continual improvement.
This role covers large work and geographical area.
Required Qualifications:
BS degree in Computer Information Systems or related field.
Expertise in software development with elements of security is required.
Experience working with public Cloud environments is required.
Knowledge of OWASP Top 10 and CWE Top 25 Framework.
Experience writing and building software solutions using common programming languages like Java, Python, Ruby, JavaScript, Go, etc.
Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens.
Possess a desire to conduct internal penetration testing to secure systems or use as training materials to help others learn.
Prior experience producing concise and quality technical documentation and reports.
Ability to break down work into tasks and maintain these tasks into an organized, sustainable set of goals.
Excellent communication and presentation skills, and experience presenting to management.
Perks and Benefits (US):
Our benefit package showcases our culture of care and empathy with
Comprehensive medical, dental, vision plans and Employee Assistance Program (EAP)
Competitive compensation packages
Company paid life insurance 3x salary
Company paid short- and long-term disability coverage
Retirement planning (401K) with company match
Restricted Stock Units (RSU)
Paid vacation and sick time
Paid volunteer and mental health days
Up to 26 weeks paid parental leave
16 Company holidays (includes 2 floating holidays)
Our Dedication to You:
We value and promote diversity, equity, inclusion, and belonging in all aspects of our business and at all levels. Success comes from acknowledging, welcoming, and incorporating diverse perspectives.
Diverse representation alone is not the desired outcome. We also strive to create an inclusive culture that encourages growth, ownership of your role, and achieving innovation in new and unique ways. Your voice will be heard, and we will help amplify it.
Agencies and Recruiters:
We cannot consider your candidate(s) without a contract in place. Any resumes received without having an active agreement will be considered gratis referrals to us. Thank you for your understanding and cooperation!
Treasure Data Glassdoor Company Review
Kazuki Ohta
4.0
Treasure Data DE&I Review
4.3
CEO of Treasure Data
Approve of CEO
Put “Connected Customer Experiences” at the heart of every business.
17 jobsTEAM SIZE
LOCATION
DATE POSTED
March 28, 2023
Subscribe to Rise newsletter
🔮
Hi, I'm Risa! Your AI Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
you, just ask me below!
Other jobs
Posted last year
Posted 2 years ago
Posted 2 years ago
Posted 2 years ago
Sign up for our weekly
newsletter of fresh jobs
ABOUT RISE
FOR COMPANIES
REMOTE JOBS & MORE
LOOKING FOR A JOB?
FIND A JOB NEAR ME
CONNECT
