Sr. Security Engineer
Aha!
Job Overview

Job Description
About Aha!
Aha! is the world's #1 product development software, empowering over 1 million product builders to bring their strategy to life. Our integrated suite of tools includes Aha! Roadmaps, Aha! Discovery, Aha! Ideas, Aha! Whiteboards, Aha! Builder, Aha! Develop, Aha! Teamwork, and Aha! Knowledge. We also provide expertise, an AI assistant, and training via Aha! Academy. Aha! is a self-funded, profitable, and 100% remote high-growth SaaS company, recognized as a top remote workplace and a champion of the Bootstrap Movement, having given over $1.5M to people in need through Aha! Cares. Learn more at www.aha.io.
Our Engineering Team
The Aha! engineering team is a midsized, fully remote, highly productive group primarily centered around North American time zones to facilitate collaboration. We are committed to mutual growth, ensuring new hires contribute quickly through our onboarding program. We prioritize speed, shipping code multiple times daily to iteratively improve features based on customer feedback. We value product over process, minimizing overhead with clear goals and avoiding excessive meetings. Knowledge sharing is key, both internally and with the developer community, as demonstrated on our engineering blog. Most importantly, we enjoy our work and foster an environment where teammates love their job.
Our Technology Stack
Our core web application is a single-instance, multitenant Ruby on Rails monolith. It's supported by robust technologies including Postgres for the database, Redis for background jobs, Kafka for event processing, and Memcached for Rails caching. We also utilize a Node.js webserver for collaborative editing and real-time updates. Hosted on Amazon Web Services, our architecture leverages ECS for reproducibility and scalability.
On the front end, we are increasingly adopting React to build rich client-side experiences, such as our collaborative text editor and slide presentation editor. We skillfully balance the strengths of Rails for its conventions and simplicity, and React for powerful interactive functionality. While embracing new technologies, we remain mindful of maintenance overhead, focusing on solving immediate problems rather than premature optimization.
For internal planning and collaboration, we extensively use Aha! Roadmaps and Aha! Develop. Our primary communication tools are Slack and Zoom; email is rarely used.
Your Role as a Sr. Security Engineer
As a Sr. Security Engineer, your primary focus will be web application security. You should possess deep knowledge of vulnerabilities and their mitigations, with familiarity in securing data within multitenant architectures. Your expertise will guide engineers in building secure applications.
Skills and Qualifications
Beyond technical prowess, we seek kind individuals who elevate their team. You should be humble, eager to learn, and always willing to assist others, enjoying problem-solving regardless of the technologies involved. Experience working at meaningful scale is highly valued. Specifically, candidates should have:
- Four+ years of experience in application security.
- Active collaboration skills with engineering and product teams.
- Experience with security reviews or threat modeling for full-stack web applications.
- Familiarity with security tools such as CodeQL or Burp Suite.
- Experience with Ruby on Rails is a significant plus.
Your Contributions at Aha!
The security team at Aha! works across our entire product suite, providing essential guidance to the larger engineering team. We are passionate about data security and mutual support. In this Sr. Security Engineer role, your responsibilities will include:
- Identifying application security threats and developing effective mitigations early in the development cycle.
- Improving and maintaining our security code scanning tools.
- Actively contributing to application security scanning or testing initiatives.
- Developing and sharing secure patterns internally to foster ongoing education across the engineering team.
If this role excites you, we encourage you to apply. A real human reviews every application!
Grow With Us
Aha! is committed to helping everyone reach their fullest potential. We believe in engaging and impactful work, fostering a high-growth environment where individuals thrive. We offer comprehensive benefits, including profit sharing (U.S.-based details below, with efforts to extend similar benefits globally).
- The base salary range for this role in the U.S. is between $110,000 and $190,000.
- Cash-based compensation also includes profit sharing and monthly retirement contributions.
- Medical, dental, and vision plans (100% premium coverage for many teammates).
- Up to 200 hours of paid time off annually.
- 30 to 90 days of paid parental leave; five to 10 days of paid care and bereavement leave.
- Up to $1,000 annually for third-party education, plus paid time off for learning.
- Volunteer opportunities throughout the year.
Base salary and total compensation depend on skills, experience, and relevant past roles.
Key Skills/Competency
- Application Security
- Web Security
- Vulnerability Assessment
- Threat Modeling
- Security Code Scanning
- Ruby on Rails
- AWS Security
- Postgres Security
- Secure Development Lifecycle
- Incident Response
How to Get Hired at Aha!
- Research Aha!'s culture: Study their mission, values, "Bootstrap Movement," and employee testimonials on LinkedIn and Glassdoor to align with their remote, product-focused ethos.
- Tailor your resume: Highlight extensive application security experience, Ruby on Rails expertise, and contributions to multitenant architectures to match the Sr. Security Engineer role requirements at Aha!.
- Showcase security expertise: Prepare to discuss past experiences with web application vulnerabilities, threat modeling, and specific security tools like CodeQL or Burp Suite, emphasizing practical application.
- Demonstrate collaborative skills: Emphasize your ability to work effectively with engineering and product teams, develop secure patterns, and foster security education within a remote, fast-paced environment.
- Highlight remote work aptitude: Showcase your experience thriving in 100% remote settings, communicating effectively across North American time zones, and contributing to a highly productive distributed team.