17 червня 2022

Application Security Engineer (вакансія неактивна)

Ukraine - remote

Grammarly is excited to offer a remote-first hybrid working model. Team members can work primarily remotely in the United States, Canada, Ukraine, Germany, Poland, and Portugal. Conditions permitting, teams will meet in person a few weeks every quarter at one of Grammarly’s hubs, currently in San Francisco, Kyiv, New York, Vancouver, and Berlin, or in a shared workspace in Krakow.

Please note our Kyiv hub is currently closed, but we hope the time comes soon when we can reunite with team members there. We continue to provide support to our Ukraine team members displaced within and outside of Ukraine.

The opportunity

Grammarly empowers people to thrive and connect, whenever and wherever they communicate. More than 30 million people and 30,000 teams around the world use our AI-powered writing assistant every day. All of this begins with our team collaborating in a values-driven and learning-oriented environment.

To achieve our ambitious goals, we’re looking for engineers to join our AppSec team. In this role, you will have a substantial impact on the security of Grammarly product family and cloud infrastructure behind it. We are looking for engineers eager to find bugs and vulnerabilities in the code and to conduct black-box and white-box testing of different products and features.

Grammarly’s engineers and researchers have the freedom to innovate and uncover breakthroughs—and, in turn, influence our product roadmap. The complexity of our technical challenges is growing rapidly as we scale our interfaces, algorithms, and infrastructure. Read more about our stack or hear from our team on our technical blog.

Your impact

In this role, you will:

  • Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams.
  • Develop secure system design and secure coding recommendations.
  • Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments.
  • Actively participate in the “security champions” initiative and provide security training to engineering teams.
  • Perform security testing on our internal and external applications—including performing security code reviews, vulnerability assessments, and exploit development, as well as documenting the outcomes of the research.
  • Manage Grammarly bug bounty and drive different program initiatives and promotions.
  • Integrate SAST/DAST in CI/CD and operational pipelines.
  • Create and manage tools (e.g., web security scanners) to help test and monitor product security.

We’re looking for someone who

  • Embodies our EAGER values—is ethical, adaptable, gritty, empathetic, and remarkable.
  • Has a minimum of two years in application security or related field.
  • Has knowledge of programming languages (JS, Java, Python, Go).
  • Is familiar with software development methodologies, processes, and tools.
  • Is familiar with modern DevOps practices and tools.
  • Has working experience with application security tools like BurpSuite, OWASP ZAP, Metasploit, etc.

An ideal candidate would be someone who

  • Has participated in bug bounty programs and security research.
  • Has practical experience with device management, access provision, and access management.
  • Has prior experience in continuous security cycle implementation for web applications.
  • Has knowledge of networking principles or macOS/Linux/Windows platforms.
  • Has experience with malware analysis; reverse engineering is also a plus.
  • Has experience with AWS (or other cloud platforms).

We encourage you to apply

At Grammarly, we value our differences, and we encourage all—especially those whose identities are traditionally underrepresented in tech organizations—to apply. Grammarly is an equal opportunity company. We do not discriminate on the basis of race, religion, color, gender expression or identity, sexual orientation, national origin, citizenship, age, marital status, veteran status, disability status, criminal prosecution, judgment in a criminal case, or any other characteristic protected by law.