Lob was built by technical co-founders with a vision to make the world programmable.
We offer two flagship APIs (print & mail and address verification) that enable companies to send postal mail as effortlessly as sending emails. Lob is venture-backed by the most reputable investors in tech, and we are rapidly growing our team to shape the future of our company and meet the demands of a quickly growing customer base and dynamic product offerings.
As a proud Pledge 1% company, we’re committed to leveraging our product, partnerships, and people to drive positive social impact through Lob.org, and are on a mission to make direct mail more sustainable.
We offer remote working opportunities in AZ, CA, CO, DC, GA, IL, MA, MD, MI, MN, NC, NV, NY, OR, PA, TX, UT, and WA. You can also work onsite at our San Francisco headquarters.
About The Role
The position is for a hands-on application security engineering role, embedded within Lob’s infrastructure team. You will have the opportunity to partner and mentor many different engineers across the organization to help them find, prioritize and fix security issues in our products from feature inception to high-impact issues in production. You will be expected to help strategically define processes such as design guides, guardrails, bug bounties, and vulnerability management strategies in partnership with our GRC/Security compliance team. You are also expected to be the domain specialist in one or several parts within the Secure Software Development Lifecycle (SDLC) to mentor and empower other Lob engineers..
As a/the senior application security engineer, you’ll...
Act as a subject matter expert on application security and partner with others to identify, measure, report, and proactively address security and privacy concerns.
Understand business requirements when applying security controls that comply with industry standard methodologies to avoid adversely affecting desired functionality.
Help manage Lob’s application bug bounty program with the help of other application, platform, and security engineers.
Work closely with the platform and infrastructure teams to prioritize roadmap initiatives that improve the SDLC by elevating observability and security controls.
Collaborate closely with the infrastructure, platform, and GRC/security compliance teams to help identify gaps in capabilities or areas of improvement to introduce new tooling, processes, and controls to further secure the Lob platform.
Design, automate, and evangelize DevSecOps practices to enable security operations at scale, thereby creating a secure-by-default platform.
What you will bring to this role...
5+ years of application software development.
3+ years of experience in application security engineering, in cloud-native organizations, with a demonstrated history in improving the SDLC at previous companies through high-impact, cross-functional projects.
Strong software development skills with NodeJS, Golang, and Python.
Subject-matter expertise in web application security, OWASP Top 10, secure code best practices for NodeJS, Golang, Python.
Experience with Static and Dynamic Code Analysis tools, building security checks into CI/CD pipelines.
Experience with AWS/GCP/Azure and containerised and serverless environments, ensuring that security architecture and engineering aligns to up-to-date best practices.
Excellent written and oral communication skills, as well as social skills including the ability to articulate to both technical and non-technical audiences.
Bonus points for...
Experience in managing an Application Security Program.
Experience in a DevSecOps environment.
Experience with HashiCorp tooling (Terraform, Consul, Nomad, Vault), AWS, Datadog, Sift and how to securely leverage other SASS tooling.
Experience with Penetration testing, offensive security, bug bounty programs and how to mitigate the risks.
Since great engineers come from a variety of backgrounds, it doesn’t particularly matter if you have a specific degree—we want to hear about your contributions in a real-world setting.
We’re not just building a platform to make the world programmable. We’re also designing a great place to work, and a ground floor opportunity as an early member of the Lob team; you’ll directly shape the direction of our company.
Health benefits for you and your dependent(s)
Medical Flexible Spending Accounts (FSA)
Unlimited vacation policy
Wellness program (includes monthly stipend or free Barry’s Bootcamp classes!)
Paid parental leave
Paid volunteer time off to support the organizations you care most about
Commuter & Parking benefits (includes monthly stipend) for those based out of our San Francisco office
Free lunch, snacks and dinner when working at our San Francisco office
Dog-friendly San Francisco office
Allowance for in-person team meetings (all flights and accommodations covered) for those not based out of our San Francisco office
Home-office setup and phone/internet stipend for those not based out of our San Francisco office
Our commitment to diversity
Lob is an equal opportunity employer and values diversity of backgrounds and perspectives to cultivate an environment of understanding to have greater impact on our business and customers. We encourage under-represented groups to apply and do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or criminal history in accordance with local, state, and/or federal laws, including the San Francisco’s Fair Chance Ordinance.
About this role
February 13th, 2022
January 14th, 2022
Learn about Lob and their company culture.
Lob is building a suite of APIs for the enterprise. Built with developers in mind, Lob provides tools that allow businesses to build scalable and powerful applications. The most popular API is a print and mail API that enables companies to send postcards, letters, checks, and more as effortlessly as sending emails. Lob is based in San Francisco, CA, and is venture-backed with over 6000 customers including Intuit, Square, and Counsyl.
Learn about the technology and tools that Lob uses.
About this role
February 13th, 2022
January 14th, 2022