Staff Security Application Engineer

Keeper Security provides zero-trust and zero-knowledge cybersecurity solutions, specializing in privileged access management and password security.
El Dorado Hills, CA, USA
Security
Staff Software Engineer
Remote
7+ years of experience
Cybersecurity · Enterprise SaaS

Job Description

Keeper Security, a leading cybersecurity company, is seeking a Staff Security Application Engineer to lead their in-house application security program. This role combines hands-on technical expertise with strategic security leadership, focusing on penetration testing, bug bounty management, and security research. The position offers the opportunity to work directly with the CTO and shape the security posture of a globally distributed platform trusted by millions of users worldwide.

The ideal candidate will bring 7+ years of experience with Java and React, along with deep expertise in application security and penetration testing. You'll be responsible for conducting internal security assessments, managing third-party security partnerships, and leading the bug bounty program. The role requires both technical excellence in security testing and the ability to collaborate effectively with development teams to integrate security into the SDLC.

Keeper Security's platform is FedRAMP and StateRAMP Authorized, FIPS 140-2 validated, and SOC 2 and ISO 27001 certified, demonstrating their commitment to the highest security standards. The company operates globally, with their software available in 21 languages across 150 countries. This position offers the chance to work remotely while contributing to cutting-edge cybersecurity solutions that protect organizations worldwide.

The company offers comprehensive benefits including medical, dental, and vision insurance, life insurance, 401k options, and a generous PTO plan. As a Staff Security Application Engineer, you'll play a crucial role in advancing Keeper's security initiatives while working with a team dedicated to excellence in cybersecurity.

Last updated 19 days ago

Responsibilities For Staff Security Application Engineer

  • Perform internal application penetration testing and vulnerability assessments for Java- and React-based applications
  • Collaborate with 3rd-party penetration testing firms and validate findings
  • Own and manage Keeper's bug bounty program, including triage and coordination with engineering teams
  • Conduct security-focused R&D to identify emerging threats and recommend mitigations
  • Work with development teams to integrate security into the SDLC and assist with remediation guidance
  • Develop and maintain application security tooling, scripts, and automation
  • Provide clear documentation and reporting of vulnerabilities, risks, and security recommendations

Requirements For Staff Security Application Engineer

  • 5+ years of experience in application security or penetration testing roles
  • 7+ years of experience with Java (backend) and React (frontend) for security testing and review
  • Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, or similar
  • Solid understanding of web application security, OWASP Top 10, and secure coding practices
  • Experience managing bug bounty programs (HackerOne, Bugcrowd, etc.)
  • Familiarity with common application frameworks, APIs, and cloud-native environments
  • Strong analytical and problem-solving skills
  • Excellent communication skills for working with developers and leadership

Benefits For Staff Security Application Engineer

  • Medical, Dental & Vision (Inclusive of domestic partnerships)
  • Employer Paid Life Insurance & Employee/Spouse/Child Supplemental life
  • Voluntary Short/Long Term Disability Insurance
  • 401k (Roth/Traditional)
  • A generous PTO plan that celebrates your commitment and seniority (including paid Bereavement/Jury Duty, etc)