Application Security Engineer
ClassPass is transforming the $30B fitness industry by connecting people to over 1 million studio fitness classes annually, and inspiring them to live more actively. Since our founding in 2013, we’ve built the world’s leading fitness membership through a digital platform, proprietary technology, a global brand and an unparalleled community. We’re revolutionizing fitness, and even after being recognized as one of Forbes’ Next Billion-Dollar Startups, we believe we’re just getting started.
Our growing team (now over 400 strong!) is a passionate, hard-working bunch that believes in having a real impact on our customers' lives. We take work – and working out – seriously. We’re as inspired by the 35M+ reservations made to date as we are by the life-changing stories we receive from our members and studios, which is why we work together every day to innovate, create, and discover new ways we can make the world a more active place.
We are looking for an Application Security Engineer who can help the Company reduce risks associated with code exploits and help meet the requirements of modern compliance initiatives such as SOC 2. In this role, you will work closely with members of the Product, Engineering and Business Intelligence teams to improve the security of both internal and customer facing services.
- Work closely with front-end and backend engineers to adopt strong security practices when creating UIs and APIs
- Work closely with product managers to prioritize roadmap items that support the Company’s security initiatives
- Manage internal application security scans and external penetration testing in support of SOC 2 compliance
- Proactively investigate code bases for security vulnerabilities and contribute to the development of security-related code for front-end and backend services
- Report on security risks to stakeholders at all levels of the organization ranging from ICs to executives
- Investigate and potentially manage the implementation and operation of a SIEM solution
- 5+ years of demonstrated experience in the following areas:
  - REST API design, Java and Python
  - modern application frameworks, especially ReactJS and Django
  - cloud computing environments, especially AWS
- Knowledgeable about vulnerabilities affecting modern web applications, their remediation, and compensating controls
- Experience meeting the requirements of a well-known compliance standard such as SOC 2, PCI-DSS, etc.
- Experience with penetration test tools and methods, ability to run standard pen test suites against the internal and public facing infrastructure
- Strong communication and collaboration skills, able to communicate highly technical security-related information to stakeholders throughout the company
- Ability to understand a distributed system by pulling together information from various sources such as the AWS console, Dockerfiles, git, etc.
- Experience in network engineering, system administration or database administration is a plus