Senior Application Security Engineer

HelloFresh
Toronto, CA

Who this role is best for

Best suited to senior security engineers with offensive security experience who thrive in hybrid work environments with a focus on cloud and web application security.

Best fit for

  • Offensive security specialists with cloud and web application testing expertise
    — “Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review
  • Candidates who develop tools to enhance security programs
    — “Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program
  • Professionals comfortable presenting technical findings to executive audiences
    — “Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Things to consider

  • Hybrid work requires at least 2 days in-office weekly
    — “This means a minimum of 2 days in office per week
  • Certifications like OSWE or GWAPT are relevant
    — “Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT)

How to stand out

  • Showcase participation in bug bounties or hacking challenges
    — “Participation in web hacking challenges, competitions or bug bounties
  • Highlight projects where you extended exploit tools
    — “Developing, extending, or modifying exploits, shellcode or exploit tools
  • Demonstrate formal project management in security contexts
    — “Use formal project management skills in planning, tracking, and reporting to close the remediation loop
Pace · SteadyCollaboration · HighAutonomy · MediumDecision Impact · TeamLevel · Senior

Derived from job-description analysis by Serendipath's career intelligence engine.

What success looks like

  • improving security posture
  • closing remediation loops
  • developing security tools
Typical background
4-7 years of security engineering experiencecertifications in web application penetration testing

Skills & requirements

Required

Application SecurityPenetration TestingVulnerability ManagementReportingProject Management

Preferred

Scripting Languages (python, Go)Bug Bounty Program Management

Stack & domain

PythonGoNetwork ProtocolsWeb Application Penetration TestingSource Code ReviewCloud Security TestingWireless Security TestingRed TeamingSocial EngineeringCommunicationProblem-solvingDecision-makingOffensive Security Web Expert (oswe)Giac Web Application Penetration Tester (gwapt)Application SecurityVulnerability ManagementPenetration Testing

About the role

Original posting from HelloFresh

S'more about the team

We’re looking for a new teammate to join us on the journey of keeping HelloFresh a trusted name - someone with a passion for security and appetite for new challenges. Security Engineers work in a variety of ways to constantly iterate and improve HelloFresh’s security posture. 

You will be part of the squad responsible for maintaining and improving HelloFresh’s Vulnerability Management Program which provides umbrella coverage to Pentest, Red Teaming, Cloud Assessment, Source Code Review, use of vulnerable dependencies, Supply Chain Audits and Bug Bounty program.

Lettuce share what this role will be responsible for

Perform network/cloud penetration, web and mobile application testing, source code reviews, threat analysis, wireless network assessments, and social-engineering assessments

Develop comprehensive and accurate reports and presentations for both technical and executive audiences

Effectively communicate findings and strategy to client stakeholders including technical staff, executive leadership, and legal counsel

Use formal project management skills in planning, tracking, and reporting to close the remediation loop

Recognize and safely utilize attacker tools, tactics, and procedures used to perform analysis and identify vulnerabilities

Develop scripts, tools, or methodologies to improve HelloFresh's Vulnerability Management Program

Sound a-peeling? Here's what we're looking for

4-7 years' experience demonstrating above average ability in any 4 of the following areas of offensive security: Network, Wireless, Cloud, Web, Mobile, API Assessments, Source Code Review, Red Teaming, Social Engineering

Thorough understanding of network protocols, data on the wire, client-server model, application design and architecture, and different classes of application security flaws

Proven proficiency in one modern scripting language like Python or Go

Relevant application penetration testing certifications such as Offensive Security Web Expert (OSWE) certification, GIAC Web Application Penetration Tester (GWAPT), or equivalent mobile/web certification

Participation in web hacking challenges, competitions or bug bounties

Development of tools or plugins used to conduct security testing and analysis

Developing, extending, or modifying exploits, shellcode or exploit tools

Source code review for control flow and security flaws

Strong knowledge of tools used for cloud, wireless, web application, and network security testing

Let’s cut to the cheese, this is why you'll love it here

Box Discount - Amazing discounts on 1 box per week! 75% discount on weekly HelloFresh and Chefs Plate meal kits AND 50% off weekly Factor meal box.

Health & Wellness - Health & Dental benefits from day 1, a Health Spending Account, unlimited access to the Headspace app to meet your self-care needs, and 25% discount on GoodLife fitness memberships!

Vacation & PTO - Time off is also an important part of self-care! We offer generous vacation and PTO to help you create a good work-life balance. 

Family Benefits - A parental leave top-up program for expectant parents.

Growth & Development - We support your career progression and invest in your continued learning through experiences and initiatives owned by our dedicated L&D team

Work Hard & Have Fun - From team socials to engaging company days, you’ll have plenty of opportunity to experience the fun!

Diversity & Inclusion Initiatives - With impactful ERG’s like FreshPride, Women Empowered and LIMES, we are committed to our diversity, equity & inclusion efforts.

Food Puns - this one is kind of a big dill if you haven’t already noticed. We even have some punny meeting room names!

Flexible Hybrid Approach

At HelloFresh, we know that flexible work arrangements are essential in enabling you to do your best work, while balancing your personal and life needs. Offering remote work flexibility, along with the opportunity to interact and collaborate in the office are all a part of creating a great employee experience. 

To meet these needs, we are pleased to provide Flexible Hybrid work. Flexible Hybrid is a people-first approach that is based on choice, trust, personalization, and empowers teams to choose when and how often they work from the office and work from home, in addition to team days and company days. This means a minimum of 2 days in office per week, with most teams in office between 2-3 days a week.

#LI-HYBRID

HelloFresh Canada uses AI-integrated technology to help us process and evaluate applications more efficiently. This includes tools that screen and assess candidate qualifications based on the requirements for this role. While these tools assist our workflow, all final selection decisions are made by our hiring team.

This is a posting for an existing vacancy. We are actively seeking to fill this position.

Toronto, ON Pay Range$122,740—$141,950 CAD

Source: HelloFresh careers

Similar roles