Sr. Security Engineer

Sr. Security Engineer at Aha!

Aha! is the world's #1 product development software, helping over 1 million product builders bring their strategy to life. Our integrated tools empower teams from discovery to delivery, including Aha! Roadmaps, Aha! Discovery, Aha! Ideas, Aha! Whiteboards, Aha! Builder, Aha! Develop, Aha! Teamwork, and Aha! Knowledge. Product teams rely on our expertise, AI assistant, and training programs via Aha! Academy. We are a self-funded, profitable, and 100% remote SaaS company, recognized as a top remote workplace and champion of the Bootstrap Movement. We've given over $1.5M to people in need through Aha! Cares. Learn more at www.aha.io.

Our Team

The Aha! engineering team is a midsized, highly productive, fully remote group centered around North American time zones for seamless collaboration.

• We help each other grow: We value unique skills and ensure new hires contribute quickly through our onboarding program.
• We move quickly: We ship code multiple times daily, focusing on customer-valuable features and iterative improvements.
• We value product over process: We minimize overhead with clear goals, avoiding heavy processes and excessive meetings to let the team focus on complex challenges.
• We share knowledge freely: We share our learnings internally and with the developer community, demonstrated on our engineering blog.
• We enjoy: We love what we do and want you to love your team and your job too. Learn more about The Responsive Method, our company values, and generous benefits.

Our Technology

Our web application is a single-instance, multitenant Ruby on Rails monolith, supported by Postgres (database), Redis (background jobs), Kafka (event processing), and Memcached (Rails caching). We also run a Node.js webserver for collaborative editing and real-time updates. Our application is hosted on Amazon Web Services, architected with ECS for reproducibility and scalability.

We use a growing amount of React on the front end for rich client-side experiences, including our fully collaborative text editor and slide presentation editor. We balance Rails for its conventions and simplicity with React for powerful interactive functionality.

Teammates embrace new technologies that deliver a lovable product suite, while remaining mindful of maintenance overhead. We solve immediate problems without premature optimization.

We do most planning and collaboration in Aha! Roadmaps and use Aha! Develop for engineers. We use Slack and Zoom for video calls, rarely email.

Your Experience

The primary focus of this Sr. Security Engineer role is web application security, requiring deep knowledge of vulnerabilities and mitigations. You are familiar with securing data in multitenant architectures and have helped engineers build secure applications.

Skills:

We believe kindness and elevating the team are as valuable as great code. You are humble, eager to learn, and always willing to help. You enjoy solving problems regardless of technology. You have worked at meaningful scale and wish to do so again. You also have the following experience and skills:

• Four+ years of experience working in application security
• Active collaborator with engineering and product teams
• Experience with security reviews or threat modeling for a full-stack web application
• Experience with security tools such as CodeQL or Burp Suite
• Experience with Ruby on Rails is a plus

Your Work at Aha!

The security team works across our suite of products, providing guidance for the larger engineering team across the full stack. We are passionate about data security and mutual support. As a Sr. Security Engineer, your work will include:

• Identifying application security threats and mitigations early
• Improving and maintaining security code scanning tools
• Contributing to application security scanning or testing
• Developing and sharing secure patterns internally for ongoing education

If the Sr. Security Engineer role sounds appealing, we would love to hear from you. (A real human reviews every application.)

Grow with Us

Everyone deserves to reach their fullest potential. Doing work that matters with people we care about in a high-growth environment keeps us engaged and alive. This is why we joined Aha! and how we achieve our best.

We offer expected benefits and more, including profit sharing. The U.S.-based benefits listed below are largely extended to international teammates:

• Base salary range for this role in the U.S.: $110,000 - $190,000
• Cash-based compensation also includes profit sharing, and monthly retirement contributions
• Medical, dental, and vision plans (many teammates receive 100% premium coverage)
• Up to 200 hours of paid time off annually
• 30 to 90 days of paid parental leave; five to 10 days of paid care and bereavement leave
• Up to $1,000 annually for third-party education, plus paid time off for learning
• Volunteer opportunities throughout the year

Base salary and total compensation depend on skills, experience, and relevant past roles.

Key skills/competency

• Application Security
• Web Security
• Vulnerability Management
• Threat Modeling
• Security Tools
• Ruby on Rails
• Data Security
• Code Scanning
• Cloud Security
• Multitenant Architecture