Senior Application Security Engineer

S'more About the Team We're looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate and improve HelloFresh’s security posture.

You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program which provides umbrella coverage to Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and Bug Bounty program.

Lettuce Share What This Role Will Be Responsible For

Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments

Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel

Use formal project management skills in planning, tracking, and reporting to close the remediation loop

Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities

Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program

Sound a-peeling? Here's what we're looking for

4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering

Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws

Proven proficiency in one modern scripting language like Python or Go

Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification

Participation in web hacking challenges, competitions or bug bounties

Development of tools or plugins used to conduct security testing and analysis

Developing, extending, or modifying exploits, shellcode or exploit tools

Source code review for control flow and security flaws

Strong knowledge of tools used for cloud, wireless, web application, and network security testing

Let’s cut to the cheese, this is why you'll love it here

Box Discount - Amazing discounts on 1 box per week! 75% discount on weekly HelloFresh and Chefs Plate meal kits AND 50% off weekly Factor meal box.

Health & Wellness - Health & Dental benefits from day 1, a Health Spending Account, unlimited access to the Headspace app to meet your self-care needs, and 25% discount on GoodLife fitness memberships!

Vacation & PTO - Time off is also an important part of self-care! We offer generous vacation and PTO to help you create a good work-life balance.

Family Benefits - A parental leave top-up program for expectant parents.

Growth & Development - We support your career progression and invest in your continued learning through experiences and initiatives owned by our dedicated L&D team

Work Hard & Have Fun - From team socials to engaging company days, you’ll have plenty of opportunity to experience the fun!

Diversity & Inclusion Initiatives - With impactful ERG’s like FreshPride, Women Empowered and LIMES, we are committed to our diversity, equity & inclusion efforts.

Food Puns - this one is kind of a big dill if you haven’t already noticed. We even have some punny meeting room names!

Flexible Hybrid Approach At HelloFresh, we know that flexible work arrangements are essential in enabling you to do your best work, while balancing your personal and life needs. Offering remote work flexibility, along with the opportunity to interact and collaborate in the office are all a part of creating a great employee experience. To meet these needs, we are pleased to provide Flexible Hybrid work. Flexible Hybrid is a people-first approach that is based on choice, trust, personalization, and empowers teams to choose when and how often they work from the office and work from home, in addition to team days and company days. This means a minimum of 2 days in office per week, with most teams in office between 2-3 days a week.

Toronto, ON Pay Range: $122,740—$141,950 CAD

#J-18808-Ljbffr