Sr. Security Engineer

Sr. Security Engineer at Aha!

Aha! is the world's #1 product development software, empowering over 1 million product builders to bring their strategies to life. Our integrated suite includes Aha! Roadmaps, Aha! Discovery, Aha! Ideas, Aha! Whiteboards, Aha! Builder, Aha! Develop, Aha! Teamwork, and Aha! Knowledge. We are a self-funded, profitable, and 100% remote company, recognized as a top remote employer and a champion of the Bootstrap Movement. We also give back through Aha! Cares.

Our Team

The Aha! engineering team is a highly productive, midsized, fully remote group, centered around North American time zones for seamless collaboration.

• We help each other grow: We value unique skills and ensure new hires contribute quickly through our onboarding program.
• We move quickly: We ship code multiple times daily, focusing on iterative improvements based on customer feedback.
• We value product over process: We minimize overhead, setting clear goals to allow focus on complex challenges.
• We share knowledge freely: We share our learnings internally and with the broader developer community through our engineering blog.
• We enjoy: We love our work and aim for every teammate to enjoy their role and team. Learn more about The Responsive Method, our company values, and generous benefits.

Our Technology

Our core web application is a single-instance, multitenant Ruby on Rails monolith. It's supported by Postgres for the database, Redis for background jobs, Kafka for event processing, and Memcached for Rails caching. We also utilize a Node.js webserver for collaborative editing and real-time updates. Our application is hosted on Amazon Web Services, using ECS for reproducibility and scalability.

On the front end, we use a growing amount of React to build rich client-side experiences, including our fully collaborative text and slide presentation editors. We strategically balance Rails for its conventions and simplicity with React for powerful interactive functionality.

We embrace new technologies that enhance our product suite while being mindful of maintenance overhead. Our focus is on solving immediate problems efficiently rather than premature optimization.

Planning and collaboration primarily happen in Aha! Roadmaps, and we built Aha! Develop for our engineering teams. We use Slack and Zoom for video calls, rarely resorting to email.

Your Experience

This role primarily focuses on web application security, requiring deep knowledge of vulnerabilities and mitigation strategies. You should be adept at securing data in multitenant architectures and have experience guiding engineers in building secure applications.

Skills:

Beyond technical prowess, we seek kind collaborators who elevate the team. You are humble, eager to learn, and always willing to help. You enjoy problem-solving across various technologies and have experience working at a meaningful scale.

• Four+ years of experience in application security.
• Active collaborator with engineering and product teams.
• Experience with security reviews or threat modeling for full-stack web applications.
• Familiarity with security tools such as CodeQL or Burp Suite.
• Experience with Ruby on Rails is a plus.

Your Work at Aha!

The security team provides guidance across our product suite and supports the larger engineering team across the full stack. We are passionate about data security and mutual support. As a Sr. Security Engineer, your responsibilities will include:

• Identifying application security threats and proposing early mitigations.
• Improving and maintaining security code scanning tools.
• Contributing to application security scanning and testing initiatives.
• Developing and sharing secure patterns internally for ongoing education.

If the Sr. Security Engineer role sounds appealing, we encourage you to apply. A real human reviews every application.

Grow with Us

We believe everyone deserves to reach their fullest potential. Working on meaningful projects with valued colleagues in a high-growth environment fosters engagement and vitality – this is the Aha! experience.

We offer comprehensive benefits beyond the expected, including profit sharing. The benefits listed below are for U.S.-based hires, with similar efforts made for international teammates.

• Base salary range in the U.S. is between $110,000 and $190,000.
• Cash-based compensation also includes profit sharing, with a monthly percentage of total pay contributed to your retirement.
• Medical, dental, and vision plans (100% premium coverage for many teammates).
• Up to 200 hours of paid time off annually.
• 30 to 90 days of paid parental leave; five to 10 days of paid care and bereavement leave.
• Up to $1,000 annually for third-party education, plus paid time off for learning immersion.
• Throughout the year, volunteer opportunities are available.

Base salary and total compensation depend on various factors, including skills, experience, and relevant past roles.

Key skills/competency

• Application Security
• Web Application Vulnerabilities
• Threat Modeling
• Security Code Scanning
• Ruby on Rails Security
• AWS Security
• Multitenant Architecture Security
• Data Security
• CodeQL
• Burp Suite