Application Security - Senior Security Engineer(Remote) at Auth0
United States of America

Auth0 provides a secure, highly available, enterprise-grade platform that secures billions of log-ins every year. The company makes it easy to implement even the most complex identity solutions for their web, mobile, IoT and internal applications, as well as sophisticated identity management for employees, customers and partners. Auth0 has raised over $54 million from Meritech Capital, NTT DoCoMo, Trinity Ventures, Bessemer Venture Partners, K9 Ventures, Silicon Valley Bank, Founders Co-Op, Portland Seed Fund and NXTP Labs.

Thousands of enterprises and millions of users worldwide depend on Auth0 for authentication and authorization of their most mission-critical apps, APIs and IoT devices. Auth0’s top priorities are availability and security.

We are looking for a Senior Application Security Engineer to join us in keeping Auth0 and our customers data safe. Our engineering team builds web apps, mobile apps, and APIs, and we have customers in just about every industry. This creates many interesting use cases that we need to support while maintaining security.

Our App Sec Engineers work closely with our our product teams - reviewing apps and building tools to make their work as frictionless and secure as possible.

*To be considered, please apply using your most-updated CV or resume. Cover letter preferred, but not required.




Provide team leadership and own the delivery of application security projects

Be a subject matter expert for application security - supporting our product teams

Own our Secure Software Development Lifecycle  - both the process and tools

Conduct security reviews and provide internal consulting

Build, deploy and maintain security controls and instrumentation around and in our code

Threat modeling of new and existing features

Educate and influence our product teams




Significant experience working as an Application Security Engineer or developer

Development experience with at least one programming languageDeep understanding of modern web technologies, mobile and web security

Deep understanding of common vulnerabilities in web and mobile applications and how to prevent them

Proven ability to influence development teams to deliver secure code

Experience with threat modeling methodologies

Strong written and verbal communication skills

Comfort working in a globally distributed environment with a remote workforce


Extra Points:


Development experience with Node.js / Javascript

Experience with authentication protocols (e.g. SAML, OAuth etc)

Experience running a bug bounty programme