Application Security Engineer at Auth0
United States of America
Auth0 allows anyone to authenticate and authorize users, applications, and APIs with any identity provider running on any stack and any device. As you can imagine, that means the security of our customers and their data is paramount.

We're looking to add an application security engineer to our team to help us further improve the security of our products, including Webtask. Our engineering team builds web apps, mobile apps, and APIs, and we have customers in just about every industry. This creates many interesting use cases that we need to support while maintaining security.

The individual filling this role will work closely with Engineering (and other teams), and should feel comfortable shipping bug fixes into production (don't worry, we have a code review process). We love to build tools and automate security whenever it makes sense, enabling others and reducing repetitive tasks.


Ownership of the secure software development lifecycle (process and tools)
Threat modeling of new and existing features
Web application security testing
Security code assessments and internal consulting
Work with third-party vendors as necessary
Occasional travel for team meetings (usually twice a year, possibly international)

Prior application security experience
Software engineering experience with Node.js
Experience working in a Linux and AWS environment

Knowledge of authentication protocols and cryptography
Experience with Docker, MongoDB, and ElasticSearch
Experience working with international, remote teams in a startup environment