Application Security Engineer
The Motley Fool
 PA (Pennsylvania)

Who are we?

We are The Motley Fool, a purpose-driven financial services firm with nearly 30 years of expertise. Our goal is to make the world smarter, happier, and richer by providing outstanding business and investing advice, at scale. But what does that even mean?! It means we’re helping Fools (always with a capital “F”) demystify the world of finance, beat the stock market, and achieve personal wealth and happiness through our investing services, like Stock Advisor, and Motley Fool Wealth Management, our portfolio management service.

What does this team do?

The Application Security team ensures that every application we own is safe from bad actors. We are an advisor to every one of our development teams, providing them with guidance on security architecture and implementation. The applications we protect span several environments, whether it be Kubernetes, clouds of all types (IaaS, PaaS and FaaS), web or mobile.

What would you do in this role?

As a Security Engineer, you will be finding vulnerabilities in our codebase and providing actionable remediation advice. This role will also involve proactively diagnosing security issues that may arise as part of our software development practices and regularly presenting recommendations to team leads.

But what does this role actually do?

  • Perform penetration testing and security reviews across our suite of applications.
  • Advise and partner with engineering teams on security architecture and implementation.
  • Integrate security tools (SAST, DAST, SCA) into our CI/CD pipeline.
  • Develop security tools and automation.
  • Participate in incident response to events reported by the SOC.

What do you need to apply?

  • Bachelor's (undergraduate) degree in a relevant field (Computer Science, Software Engineering, Security, or others) OR an equivalent combination of education, training, and experience.
  • 2+ years in application security, preferably with a software development background.
  • Strong working knowledge of vulnerability identification and exploitation.
  • Experience with one or more programming languages.
  • Ability to communicate deep technical issues in terms of business risk with non-experts and senior leaders.

It’s even better if you have…

  • Strong working knowledge of browser security features.
  • Experience with implementing security solutions in a cloud environment.
  • Some experience responding to security incidents.
  • Participated in bug bounties or online competitions.

The Motley Fool is firmly committed to diversity, inclusion, and equity. We are a motley group of overachievers that have built a culture of trust founded on Foolishness, fun, and a commitment to making the world smarter, happier and richer. However you identify or whatever winding road has led you to us, please don't hesitate to apply if the description above leaves you thinking, “Hey! I could do that!”

The Motley Fool has been twice named Glassdoor’s #1 Best Small Business to work for in the U.S., named to Inc.’s Best Workplaces of 2020, named one of BuiltIn’s Best Places to Work in Colorado, and we’re a perennial favorite on Washingtonian’s list of Best Places to Work year after year. Below you’ll see a few of our perks, but check out this site for the complete list:

  • No “vacation policy” (not to be confused with a “No vacation” policy)
  • Paid maternity, paternity, and pet-ernity leave
  • $1,000 to invest when you start
  • Super low premiums for medical, dental and vision coverage
  • Comprehensive compensation package, including company equity