Staff Application Security Engineer @ HoneyBook
Job Details
About HoneyBook
HoneyBook is the leading AI-powered business management platform for service-based business owners. Designed to support independent professionals, HoneyBook’s tools help businesses attract leads, connect with clients, book projects, and manage payments efficiently. With strong AI integration, entrepreneurs can scale their businesses with confidence.
Role Overview
As a Staff Application Security Engineer at HoneyBook, you will join the IT and Security team to ensure secure software practices across our products and services. You will collaborate with engineering teams, lead application and API security assessments, and drive our Secure Software Development Lifecycle (SSDLC).
Key Responsibilities
- Collaborate with engineering teams to define and implement remediation strategies.
- Design and drive SSDLC practices, including security reviews and threat modeling.
- Conduct threat modeling, architecture reviews, and security assessments.
- Manage HoneyBook’s bug bounty program and maintain AppSec tools.
- Review source code for vulnerabilities and guide remediation efforts.
- Act as the contact for penetration tests and external security assessments.
- Continuously research emerging security trends and frameworks.
- Promote a security culture by educating engineering and DevOps teams.
Qualifications & Experience
- 5+ years in Application Security or Secure Software Development.
- Experience with modern web stacks, cloud-native architectures, APIs, and CI/CD pipelines.
- Strong knowledge of OWASP Top 10 and secure coding practices.
- Experience with security tools (Burp Suite, Oligo, Veracode, SonarQube, etc.).
- Hands-on code review and static analysis skills in languages like JavaScript, Python, Go.
- Familiarity with AWS and infrastructure-as-code security.
- Experience managing bug bounty programs and third-party testing engagements.
- Excellent communication skills and cross-functional collaboration.
- Certifications such as OSCP, GWAPT, CISSP, or CSSLP are a plus.
The Good Stuff
This role offers competitive salary plus equity, comprehensive benefits, and a mission-driven work culture focused on growth, collaboration and innovation.
Key Skills/Competencies
Application Security, SSDLC, Threat Modeling, Code Review, Cloud Security, Bug Bounty, CI/CD, Security Tools, Vulnerability Assessment, Secure Coding
How to Get Hired at HoneyBook
🎯 Tips for Getting Hired
- Customize your resume: Highlight security experience and SSDLC skills.
- Emphasize technical expertise: Detail cloud, API, and code review experience.
- Showcase collaboration skills: Mention cross-team security initiatives.
- Prepare for interviews: Review application security trends and case studies.