LastPass is looking for a Senior Application Security Engineer (PHP):
The LastPass Product Security team is looking for a candidate for the position of Senior Application Security Engineer to join our team and help us ensure the security of our applications. We are a team of talented application security engineers who work in direct partnership with our engineering and platform teams.
If you are passionate about complex problem solving and motivated by scale, then this is the role for you!
Who will you work with?
As a Senior Application Security Engineer at LastPass, you will collaborate with software engineers, product owners, and our architecture team to ensure security best practices are implemented across our products.
What are some of the exciting challenges you will be working on?
- Be part of a dedicated application security team responsible for enhancing the product security of LastPass.
- Work closely with engineering and platform teams to understand their application security needs.
- Utilize your knowledge of security architecture to ensure that our teams build secure products and services from the ground up.
- Conduct application security design reviews, threat modeling, and code reviews.
- Debug and troubleshoot complex client-side applications written in PHP.
- Apply your penetration testing skills to strengthen our internal and external applications and services.
- Support our bug bounty security researcher community and maximize learning opportunities within our engineering processes.
What does it take to work at LastPass?
- Excellent written and verbal communication skills in English
- Deep technical knowledge in web application security
- Experience in developing and/or securing web applications written in PHP
- Basic knowledge of Docker and container security
- Previous experience with threat modeling, testing, and analyzing client-side applications
- A knack for identifying flaws in software and the ability to effectively communicate how to fix them
- Previous experience working closely with engineering teams and supporting them throughout the SDLC (Software Development Life Cycle)
- Team player with a hands-on and can-do attitude
It is great, but not required:
- Experience with .NET or JavaScript/TypeScript
- Experience with React
- Experience with GitLab CI/CD
- Experience with AWS (Amazon Web Services)