Sr. Security Engineer
Aha!
Job Overview
Job Description
About Aha!
Aha! is the world's #1 product development software, empowering over 1 million product builders to bring their strategy to life. Our integrated tools cover the entire product lifecycle from discovery to delivery, including Aha! Roadmaps, Aha! Discovery, Aha! Ideas, Aha! Whiteboards, Aha! Builder, Aha! Develop, Aha! Teamwork, and Aha! Knowledge. Product teams leverage our expertise, AI assistant, and training via Aha! Academy. We are a unique, high-growth SaaS company, self-funded, profitable, and 100% remote. Recognized as a top fully remote employer, we champion the Bootstrap Movement and have contributed over $1.5M to those in need through Aha! Cares. Learn more at www.aha.io.
Our Team
The Aha! engineering team is a productive, midsized, fully remote group primarily centered around North American time zones to facilitate collaboration. We foster a supportive environment where teammates are valued, onboarding ensures immediate contribution, and continuous growth is encouraged. We prioritize speed, shipping code multiple times daily to iteratively improve features based on customer feedback. Our focus is on product over rigid process, minimizing overhead with clear goals. We freely share knowledge internally and with the developer community, as demonstrated by our engineering blog. Most importantly, we enjoy our work and strive for a positive team experience.
Our Technology
Our core web application is a single-instance, multitenant Ruby on Rails monolith. It's supported by Postgres for the database, Redis for background jobs, Kafka for event processing, and Memcached for Rails caching. We also utilize a Node.js webserver for collaborative editing and real-time updates. The application is hosted on Amazon Web Services, with an architecture designed for reproducibility and scalability using ECS.
We increasingly use React on the front end to develop rich client-side experiences, such as our collaborative text and slide presentation editors. We strategically balance Rails' conventions and simplicity with React's powerful interactive capabilities. Our team embraces new technologies that enhance our product suite while remaining mindful of maintenance overhead, focusing on solving current problems rather than premature optimization.
Planning and collaboration are primarily conducted within Aha! Roadmaps, and we developed Aha! Develop to extend these features to software engineers. Communication primarily uses Slack and Zoom for video calls, with email being rarely used.
Your Experience
The Sr. Security Engineer role's primary focus is web application security, requiring deep knowledge of vulnerabilities and effective mitigations. You should be adept at securing data within multitenant architectures and experienced in guiding engineers to build secure applications.
Skills
Beyond technical prowess, we highly value kindness and a collaborative spirit. You are humble, eager to learn, and always willing to assist others. You thrive with teammates who enjoy problem-solving across various technologies. You have prior experience operating at meaningful scale and are eager to do so again. Specific experience and skills include:
- Four+ years of experience working in application security
- Active collaboration with engineering and product teams
- Experience with security reviews or threat modeling for full-stack web applications
- Proficiency with security tools such as CodeQL or Burp Suite
- Experience with Ruby on Rails is a significant advantage
Your Work at Aha!
The security team collaborates across our product suite, offering guidance to the broader engineering team throughout the full stack. We are deeply committed to data security and mutual support. As a Sr. Security Engineer, your responsibilities will include:
- Proactively identifying application security threats and developing mitigations
- Enhancing and maintaining security code scanning tools
- Contributing to application security scanning and testing initiatives
- Developing and sharing secure coding patterns and best practices internally for ongoing education
If the Sr. Security Engineer role aligns with your aspirations, we encourage you to apply. A human reviews every application.
Grow With Us
We believe everyone deserves to reach their full potential. Engaging in meaningful work with supportive colleagues in a high-growth environment fosters engagement and vitality. This philosophy drives our team and empowers us to achieve our best. We offer comprehensive benefits, including profit sharing. The U.S.-based benefits listed below are largely extended to international teammates.
- Base salary range for U.S. hires: $110,000 to $190,000
- Cash-based compensation includes profit sharing, with a monthly percentage of total pay contributed to your retirement
- Medical, dental, and vision plans (100% premium coverage for many teammates)
- Up to 200 hours of paid time off annually
- 30 to 90 days of paid parental leave; five to 10 days of paid care and bereavement leave
- Up to $1,000 annually for third-party education, plus paid time off for learning
- Opportunities for volunteerism throughout the year
Base salary and total compensation are determined by factors such as skills, experience, and relevant past roles.
Key skills/competency
- Application Security
- Web Application Vulnerabilities
- Threat Modeling
- Security Reviews
- Code Scanning Tools
- Multitenant Architecture Security
- Ruby on Rails Security
- Burp Suite
- CodeQL
- AWS Security
How to Get Hired at Aha!
- Research Aha!'s culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor, focusing on their remote-first, Bootstrap Movement, and Responsive Method principles.
- Tailor your resume for application security: Highlight your four+ years in application security, experience with Ruby on Rails, threat modeling, and tools like CodeQL or Burp Suite, aligning with the Sr. Security Engineer job description at Aha!.
- Showcase your collaborative skills: Provide examples of working effectively with engineering and product teams, and your commitment to educating others on secure patterns, a key aspect for Aha!'s team.
- Prepare for a deep dive into web app security: Be ready to discuss specific vulnerabilities, mitigation strategies for multitenant architectures, and how you approach security reviews, demonstrating your expertise to Aha!.
- Emphasize problem-solving and adaptability: Aha! values proactive problem-solvers who embrace new technologies while being mindful of maintenance; show how your experience aligns with this philosophy.