Senior Security Engineer

Aha!

Hybrid
Full Time
$160,000

Job Overview

Job Title: Senior Security Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $160,000
Location: Hybrid

Job Description

Senior Security Engineer at Aha!

Aha! is the world's #1 product development software, empowering over 1 million product builders to bring their strategy to life. Our integrated suite includes Aha! Roadmaps, Discovery, Ideas, Whiteboards, Builder, Develop, Teamwork, and Knowledge. We pride ourselves on being a self-funded, profitable, and 100% remote high-growth SaaS company, recognized as one of the best fully remote workplaces. We champion the Bootstrap Movement and have contributed over $1.5M to those in need through Aha! Cares.

Learn more about our mission and values at www.aha.io.

Our Team

The Aha! engineering team is a highly productive, midsized, fully remote group primarily centered around North American time zones to facilitate daily collaboration.

  • We help each other grow: We value unique skills and ensure new hires feel valued from day one, with an onboarding program that encourages immediate codebase contributions.
  • We move quickly: We ship code multiple times a day, focusing on delivering valuable features and iteratively improving based on customer feedback.
  • We value product over process: We minimize overhead through clear goals, avoiding heavyweight processes and excessive meetings, allowing the team to focus on solving complex challenges.
  • We share knowledge freely: We share our learnings internally and with the broader developer community, demonstrating our approach to interesting challenges on our engineering blog.
  • We enjoy: We love what we do and foster an environment where teammates can enjoy their work and their team.

Explore The Responsive Method, our company values, and the generous benefits we offer.

Our Technology

Our web application features a single-instance, multitenant Ruby on Rails monolith. It's supported by Postgres for the database, Redis for background jobs, Kafka for event processing, and Memcached for Rails caching. We also utilize a Node.js webserver to power collaborative editing and real-time updates. Our application is hosted on Amazon Web Services (AWS) and structured with ECS for enhanced reproducibility and scalability.

On the front end, we are increasingly leveraging React to build rich client-side experiences, including our fully collaborative text editor and slide presentation editor. We effectively balance the strengths of both technologies: Rails for its conventions and simplicity, and React for more powerful interactive functionality.

Our teammates readily adopt new technologies that enhance our product suite, always considering the maintenance overhead. Our focus is on solving immediate problems rather than premature optimization.

We use Aha! Roadmaps for planning and collaboration, and Aha! Develop enables our software engineers to utilize these features. Slack and Zoom are our primary tools for communication; email is rarely used.

Your Experience

This role's primary focus is web application security, requiring deep knowledge of vulnerabilities and effective mitigations. You should be adept at securing data in multitenant architectures and experienced in guiding engineers to build secure applications.

We believe that being a kind, humble, and collaborative team player is as crucial as technical prowess. You enjoy problem-solving regardless of the technologies involved and have experience working at meaningful scale.

Required skills and experience:

  • Four+ years of experience in application security.
  • Active collaboration with engineering and product teams.
  • Experience with security reviews or threat modeling for full-stack web applications.
  • Familiarity with security tools such as CodeQL or Burp Suite.
  • Experience with Ruby on Rails is a plus.

Your Work at Aha!

The security team at Aha! works across our entire product suite, providing comprehensive guidance to the larger engineering team across the full stack. We are deeply committed to data security and mutual support. As a Senior Security Engineer, your responsibilities will include:

  • Identifying application security threats and developing early mitigations.
  • Improving and maintaining security code scanning tools.
  • Contributing to application security scanning and testing efforts.
  • Developing and sharing secure patterns internally for ongoing team education.

If this Senior Security Engineer role aligns with your aspirations, we encourage you to apply. A real human reviews every application.

Grow with Us

We are dedicated to helping everyone achieve their fullest potential. At Aha!, we believe that meaningful work with valued colleagues in a high-growth environment fosters engagement and vitality.

We offer comprehensive benefits beyond typical expectations, including profit sharing. The U.S.-based benefits outlined below are largely extended to international teammates:

  • The base salary range for this role in the U.S. is between $110,000 and $190,000.
  • Cash compensation also includes profit sharing, with a monthly percentage of your total pay contributed to your retirement.
  • Medical, dental, and vision plans (100% premium coverage for many teammates).
  • Up to 200 hours of paid time off annually.
  • 30 to 90 days of paid parental leave; five to 10 days of paid care and bereavement leave.
  • Up to $1,000 annually for third-party education, plus paid time off for learning immersion.
  • Volunteer opportunities throughout the year.

Base salary and total compensation are determined by factors such as skills, experience, and relevant past roles.

Key skills/competency

  • Application Security
  • Web Application Security
  • Vulnerability Management
  • Threat Modeling
  • Security Engineering
  • Ruby on Rails Security
  • AWS Security
  • Code Scanning
  • Burp Suite
  • Multitenant Architecture

How to Get Hired at Aha!

  • Research Aha!'s culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor to understand their unique remote-first, bootstrap philosophy.
  • Tailor your resume for application security: Highlight your 4+ years in application security, experience with Ruby on Rails, and tools like CodeQL or Burp Suite, emphasizing achievements in vulnerability mitigation.
  • Showcase your collaboration skills: Provide examples of active collaboration with engineering and product teams on security reviews and threat modeling in previous Senior Security Engineer roles.
  • Prepare for technical depth: Be ready to discuss securing multitenant architectures, AWS security best practices, and your approach to improving security code scanning tools at Aha!.
  • Demonstrate alignment with remote work: Emphasize your ability to thrive in a 100% remote, North America-centric team environment, valuing quick iteration and shared knowledge.
