Senior Application Security Engineer
Thinkific is a software platform that gives anyone the ability to easily create and sell online courses, build vibrant communities, and monetize memberships. We believe in impactful and innovative work: our team of 250+ Thinkers is building and expanding an incredible product that empowers Creator Educators and businesses around the globe while working collaboratively to learn, grow, and succeed together. Join us to see how we’re building one of the best workplaces in Canadian tech!
We believe every candidate should have a fair, inclusive, and overall great experience when exploring a new role with Thinkific. That starts with outlining our hiring process so you know what to expect every step of the way—click here to learn more: https://thnk.cc/whattoexpect
Are you a natural collaborator who is passionate about all things security? We’re looking for a Senior Application Security Engineer to join us at Thinkific.
As a Senior Application Security Engineer at Thinkific, you will play an important role in our delivery of an exceptional experience to our customers all around the world with security top of mind. Reporting to the Director, Information Security, you will leverage your experience within the security space to work closely among Security, Product, and Engineering teams to assess and remediate risk, as well as design and support new security-related processes within our Software development lifecycle (SDLC).
Your goal will be to help further secure our customer data, application, and infrastructure from quickly global and growing cybersecurity threats. Here’s how you’ll accomplish this:
- Collaborate closely with development teams, conduct code reviews and provide guidance to integrate robust security measures into application code
- Lead the development of threat models for our applications, identifying potential vulnerabilities and guiding mitigation strategies
- Implement secure coding practices within the SDLC and work on continuous improvement based on feedback
- Stay up-to-date with the latest cybersecurity threats and actively apply best practices to protect our applications
- Conduct and oversee penetration testing activities to proactively identify and address security weaknesses in our applications
- Play a key role in the creation and enforcement of internal security policies that prioritize the security of application code
- Contribute to compliance efforts by assisting in reporting, dashboarding, and participating in audits with a specific focus on application security objectives
- Serve as the primary point of contact for security incidents related to application vulnerabilities and respond swiftly to remediate issues
The person we have in mind likely:
- Has 2+ years experience as an Application Security Engineer and 5+ years experience in a security engineering position
- Possesses strong experience securing infrastructure in Amazon Web Services (IAM, VPC, Route 53, ELB, EC2, Lambda, RDS, Redshift, Elasticache, S3, Cloudtrail, GuardDuty, Kubernetes, etc.) via automation (Terraform, Ansible, Lambda, etc.), or direct equivalent services in other Platform as a service (PaaS) providers
- Has strong experience securing web applications (OWASP) and administering linux-based systems
- Demonstrates experience writing security-focused tests in languages such as CodeQL and writing and maintaining policy-as-code practices
- Holds firm knowledge of threat modeling and risk assessment techniques within the shared responsibility model
- Displays an understanding of implementing security monitoring, logging, and alerting and a working knowledge of containerized environments (i.e. Kubernetes)
- Has exceptional written and verbal communication
- Has the ability to work remotely and manage their own time in a distributed team
- Loves to learn and grow. They’ve found (and keep looking for) ways to level up their skills in this field, whether that’s through formal education, gaining professional experience, or maybe even building their own business
These things would also be nice, but we think you could learn them on the job:
- A working knowledge of Continuous Integration (CI) tools
- Experience securing critical production environments such as having hundreds of servers running and automating vulnerability scanning systems like Qualys, Tenable (Nessus), or Rapid7 (Nexpose)
- A track record of supporting compliance efforts
- Experience working with Atlassian products (JIRA, Confluence)
The recruitment compensation range for this position is $116,000 - 145,000 CAD
Diversity, Equity, Inclusion and Belonging & Accessibility
This is just our initial idea of who we’re looking for! At Thinkific, we know that people have unique career journeys. If your experience is close to what we’ve described but you feel that you might be missing a few of the requirements, please still apply! We believe in equal opportunity and are committed to diversity, equity, inclusion, and belonging across every facet of our business.
We’re also committed to providing a comfortable and accessible interview experience for every candidate. If there are any accommodations our team can make throughout our hiring process (big or small), please let us know.
What you can expect if you join Thinkific:
- An amazing team of talented, passionate, and kind Thinkers. Together, we’ve built an amazing culture—we’re one of Canada's Top Small & Medium Employers!
- The chance to build, improve, and innovate on a platform that’s driving positive impact—we already support 50,000+ active creators in over 165 countries.
- A competitive compensation package. This includes your base salary, equity, and an Employee Share Purchase Plan, on top of some great perks.
- Comprehensive benefits starting on Day 1. We have health, vision, and dental coverage for you and your family, plus $3000 for mental health care and a health or personal spending account.
- A flexible work environment—choose to work from home, at our Vancouver HQ, a co-working space, or anywhere there’s wifi for a change of scenery.
- An open vacation policy and flexible work environment. Our team takes a minimum of 4 weeks vacation each year and makes work fit into their lives (not the other way around).
- Career growth. We put an emphasis on your development with our annual $1500 USD Learn and Grow fund, training, mentorship, coaching, and internal promotion opportunities.
- A home office setup. You’ll be ready to succeed with a company-owned Macbook Pro and a budget to get a desk, chair, or any accessories to help you work comfortably and productively.
- Generous parental leave top-ups for up to 32 weeks, as well as fertility coverage through our group benefits plan.
- A place where you can bring your whole self to work. We know that different perspectives lead to amazing ideas, more innovation, and, ultimately, our success as a company. We welcome applicants of all backgrounds, experiences, beliefs, identities, and statuses. Whoever you are—we can't wait to meet you!