Drata’s Senior Application Security Engineer is Drata’s full-time, in-house resident hacker, responsible for the application and product security of Drata’s Trust Management Platform. This scope includes identifying and mitigating application and product security risks, implementing application and product security controls, providing guidance to development teams to help ensure secure coding practices, and directly assisting in the changes needed to mitigate these risks and vulnerabilities.
What you’ll do:
Be Our Resident Hacker and Internal Red Team: Hack All The Things! Conduct security assessments of applications, including code reviews, penetration testing, and red team exercises. Work with external partners to accomplish these things as part of annual and ongoing assessments.
Set Application Security Expectations: Develop and implement security policies, standards, guidelines, and procedures to ensure the safety and protection of Drata’s data, applications, platform, and supporting systems. Collaborate with development teams to integrate security into the software development life cycle (SDLC).
Build Security Into Everything: Work closely with internal teams to ensure application security is integrated throughout the software development lifecycle, system administration, and business operations. Collaborate with cross-functional teams to ensure security compliance across all departments and systems. Work with Drata’s product and engineering teams during design to help ensure security is baked into the application.
Vulnerability Management: Conduct regular vulnerability assessments and identify and mitigate security vulnerabilities in applications in a timely manner.
Application Security Incident Response: Lead investigation and response efforts for application-level security incidents.
Foster Trusted Partnerships Across Engineering: Build strong, collaborative relationships with application and platform teams. Act as an embedded security partner—offering practical, empathetic guidance to drive secure development without blocking innovation.
Deploy and Advance Application Security Capabilities: Continuously research, evaluate, and implement cutting-edge application security technologies.
Reporting: Prepare and present regular application security reports to management. Communicate application security vulnerabilities and remediation efforts to relevant stakeholders.
What you’ll bring:
Bachelor's degree in Computer Science or related field (or equivalent experience)
5+ years of experience in application security, software development, or related field
Strong knowledge of secure coding practices, web application security, and threat modeling
Experience with common web application vulnerabilities and remediation techniques
Strong knowledge of web application development frameworks and technologies including REST, Node, JavaScript, TypeScript, and React
Experience with security testing tools such as Burp Suite and OWASP ZAP
Experience with application observability tools such as Datadog
Strong problem-solving and analytical skills
Strong verbal and written communication skills
Benefits:
Healthcare: 90-100% paid premiums for medical, dental, and vision plans for employee and dependents + on demand health care concierge
HSA, FSA, & DCFSA: Pre-tax savings plans for healthcare and dependent care, with up to a $600 annual employer contribution to the HSA plan (if enrolled in HSA medical plan)
100% paid short- and long-term disability plus life + AD&D benefits
Learning & Development: $500 annually towards professional development opportunities + $250 annually towards personal development opportunities
Flexible Time Off: Flexible vacation policy for strong, fully charged batteries
16 Weeks Paid Parental Leave: An inclusive policy to ensure you have time with your newborn, newly adopted, or foster child
Work Remotely: Flexible hours and work from home + $1,000 annually to cover necessary business-related items for your home office
401(k): Reach your financial goals while reducing your taxes
This role will receive a competitive base salary, benefits, and stock, typically in the form of Restricted Stock Units (RSUs). The applicable salary range for each US-based role is based on where the employee works and is aligned to one of 3 tiers based on the cost of labor for that geographic area. The expected salary ranges for this role are below, subject to change.
Tier 1: $166,840 - $206,200
Tier 2: $150,280 - $185,600
Tier 3: $133,535 - $165,000
You can view which tier applies to where you plan to work here. A variety of factors are considered when determining someone’s leveling and compensation, including a candidate’s professional background and experience. These ranges may be modified in the future, and final offer amounts may vary from the amounts listed above.