Principal Application Security Engineer

Binti builds modern software to help every child have a safe, loving, and stable family. Working with county and state governments across 36 states, Binti's tools improve the child welfare system. The 500+ agencies using Binti serve about 42% of children in child welfare in the US, and agencies using Binti have increased the number of approved families by an average of 30%, making a real dent in the shortage of foster/adoptive parents for children in the US. Beyond helping families foster/adopt children, Binti is launching software to support families who are struggling to get the services they need to stay together with or reunify with their children.

Binti is a for-profit, mission-driven software company based in Oakland, CA. Investors include Founders Fund, First Round Capital, Kapor Capital, and others. We’re a team of 90+ people and growing quickly. We care about creating a workplace where everyone feels welcome and can bring their full self to work. We have a huge, ambitious vision to rewire government to be more effective in expanding opportunities for people around the world, and we are looking for mission-driven, high-empathy, high-performance, and low-ego team members to join us on our exciting journey towards that vision.

OVERVIEW OF ROLE

As Binti's first Principal Application Security Engineer, reporting to our VP of Engineering, you will play a critical role in ensuring the security and integrity of our software applications. You will work collaboratively with cross-functional teams to identify and address potential security vulnerabilities, implement best practices, and contribute to the development of secure coding standards.

WHAT YOU WILL DO 

• Conduct Security Assessments: Provide holistic assessments of Binti’s security stance, including performing regular security reviews, code audits, penetration testing, and threat modeling to maintain the highest standard of application security.

• Set Direction:  Help Binti chart a specific course of action to achieve the security stance we desire. This includes scoping and prioritizing work, determining what levels of investment and risk we should take on given our scale and capacity, and building relationships across teams to effectively communicate and advocate for these goals.

• Respond To Incidents: Respond promptly to security incidents, collaborate with engineers on-call, and provide detailed post-event analyses. Evaluate the applicability of emergent security concerns through risk rating and assessment (such as OWASP).

• Improve Security Architecture: Work with engineering to identify, design, and implement technologies to enhance security automation, both for the software development lifecycle and …