24 hours ago

Sr. Security Engineer

Aha!

Hybrid
Full Time
$150,000

Job Overview

Job Title: Sr. Security Engineer
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $150,000
Location: Hybrid

Job Description

Sr. Security Engineer at Aha!

Aha! is the world's #1 product development software, empowering over 1 million product builders to bring their strategy to life. Our integrated tools span discovery to delivery, including Aha! Roadmaps, Aha! Discovery, Aha! Ideas, Aha! Whiteboards, Aha! Builder, Aha! Develop, Aha! Teamwork, and Aha! Knowledge. Product teams rely on our expertise, AI assistant, and training programs via Aha! Academy. We are a self-funded, profitable, and 100% remote high-growth SaaS company, recognized as one of the best fully remote workplaces. We champion the Bootstrap Movement and have contributed over $1.5M to people in need through Aha! Cares.

Our Team

The Aha! engineering team is a highly productive, midsized, and fully remote group, centered around North American time zones for collaborative work. We foster an environment where teammates feel valued and can grow, with an onboarding program designed for immediate contribution. We prioritize speed, shipping code multiple times a day to deliver valuable features and iteratively improve based on customer feedback. Our focus is on product over process, minimizing overhead through clear goals and avoiding excessive meetings. We share knowledge freely within the team and with the developer community, demonstrated by our engineering blog. We enjoy our work and strive for a fulfilling team experience, adhering to The Responsive Method and offering generous benefits.

Our Technology

Our core web application is a single-instance, multitenant Ruby on Rails monolith. It's supported by Postgres for the database, Redis for background jobs, Kafka for event processing, and Memcached for Rails caching. A Node.js webserver facilitates collaborative editing and real-time updates. The application is hosted on Amazon Web Services (AWS) and architected with ECS for reproducibility and scalability.

We increasingly use React on the front end for rich client-side experiences, such as our collaborative text and slide presentation editors. We leverage the strengths of both Rails for its conventions and simplicity, and React for powerful interactive functionality. Teammates embrace new technologies that enhance our product suite, always considering the maintenance overhead. We focus on solving present problems rather than prematurely optimizing for potential future issues.

Most planning and collaboration happen in Aha! Roadmaps, and we developed Aha! Develop to extend these features to software engineers. We use Slack and Zoom for communication, rarely relying on email.

Your Experience

The Sr. Security Engineer role's primary focus is web application security, requiring deep knowledge of vulnerabilities and effective mitigations. You should be adept at securing data in multitenant architectures and have experience guiding engineers in building secure applications.

We seek a kind, humble, eager-to-learn, and helpful individual who elevates the team. You enjoy problem-solving across various technologies and have experience working at meaningful scale. You also possess the following:

  • Four+ years of experience working in application security
  • Active collaboration with engineering and product teams
  • Experience with security reviews or threat modeling for full-stack web applications
  • Experience with security tools such as CodeQL or Burp Suite
  • Experience with Ruby on Rails is a plus

Your Work at Aha!

The security team works across all Aha! products, providing guidance to the larger engineering team across the full stack. We are passionate about data security and mutual support. As a Sr. Security Engineer, your responsibilities will include:

  • Identifying application security threats and mitigations early
  • Improving and maintaining security code scanning tools
  • Contributing to application security scanning or testing
  • Developing and sharing secure patterns internally for ongoing education

If this Sr. Security Engineer role appeals to you, we encourage you to apply. A real human reviews every application.

Grow With Us

At Aha!, we believe everyone deserves to reach their fullest potential. We find engagement and vitality through meaningful work with valued colleagues in a high-growth environment, which drives our best performance.

We offer comprehensive benefits, including profit sharing. The listed benefits are for U.S.-based hires, with identical benefits extended to international teammates where possible.

  • The base salary range for this role in the U.S. is between $110,000 and $190,000
  • Cash-based compensation also includes profit sharing, with a percentage of total pay contributed monthly to retirement
  • Medical, dental, and vision plans (100% premium coverage for many teammates)
  • Up to 200 hours of paid time off annually
  • 30 to 90 days of paid parental leave; five to 10 days of paid care and bereavement leave
  • Up to $1,000 annually for third-party education, plus paid time off for learning
  • Volunteer opportunities throughout the year

Base salary and total compensation depend on skills, experience, and relevant past roles.

Key skills/competency

  • Application Security
  • Web Vulnerabilities
  • Threat Modeling
  • Security Reviews
  • Ruby on Rails
  • CodeQL
  • Burp Suite
  • Multitenant Architecture
  • Data Security
  • AWS Security

Tags:

Security Engineer
Application security
Web vulnerabilities
Threat modeling
Security reviews
Data security
Secure coding
Penetration testing
Risk management
AWS security
Cloud security
Ruby on Rails
AWS ECS
Postgres
Redis
Kafka
Node.js
React
CodeQL
Burp Suite
Memcached

How to Get Hired at Aha!

  • Research Aha!'s culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor. Understand "The Responsive Method" and their remote-first approach.
  • Tailor your resume: Highlight application security experience, Ruby on Rails proficiency, and specific security tools like CodeQL or Burp Suite for the Sr. Security Engineer role.
  • Showcase security expertise: Be prepared to discuss web application vulnerabilities, threat modeling methodologies, and securing data in multitenant architectures.
  • Emphasize collaborative spirit: Demonstrate your ability to work cross-functionally with engineering and product teams, embodying Aha!'s value of kindness and helpfulness.
  • Prepare for technical discussions: Be ready to deep dive into securing web applications, discussing specific challenges, mitigations, and experience with their core tech stack.
