Principal Application Security Engineer

Binti builds modern software to help every child have a safe, loving, and stable family. Working with county and state governments across 36 states, Binti's tools improve the child welfare system. The 500+ agencies using Binti serve about 42% of children in child welfare in the US, and agencies using Binti have increased the number of approved families by an average of 30%, making a real dent in the shortage of foster/adoptive parents for children in the US. Beyond helping families foster/adopt children, Binti is launching software to support families who are struggling to get the services they need to stay together with or reunify with their children.

Binti is a for-profit, mission-driven software company based in Oakland, CA. Investors include Founders Fund, First Round Capital, Kapor Capital, and others. We’re a team of 90+ people and growing quickly. We care about creating a workplace where everyone feels welcome and can bring their full self to work. We have a huge, ambitious vision to rewire government to be more effective in expanding opportunities for people around the world, and we are looking for mission-driven, high-empathy, high-performance, and low-ego team members to join us on our exciting journey towards that vision.

OVERVIEW OF ROLE

As Binti's first Principal Application Security Engineer, reporting to our VP of Engineering, you will play a critical role in ensuring the security and integrity of our software applications. You will work collaboratively with cross-functional teams to identify and address potential security vulnerabilities, implement best practices, and contribute to the development of secure coding standards.

WHAT YOU WILL DO

1. Conduct Security Assessments: Provide holistic assessments of Binti’s security stance, including performing regular security reviews, code audits, penetration testing, and threat modeling to maintain the highest standard of application security.

2. Set Direction: Help Binti chart a specific course of action to achieve the security stance we desire. This includes scoping and prioritizing work, determining what levels of investment and risk we should take on given our scale and capacity, and building relationships across teams to effectively communicate and advocate for these goals.

3. Respond To Incidents: Respond promptly to security incidents, collaborate with engineers on-call, and provide detailed post-event analyses. Evaluate the applicability of emergent security concerns through risk rating and assessment (such as OWASP).

4. Improve Security Architecture: Work with engineering to identify, design, and implement technologies to enhance security automation, both for the software development lifecycle and cloud hosting environments.

5. Set Security Standards: Lead efforts to design and implement secure coding standards and best practices across the development lifecycle, including automating processes as makes sense to ensure comprehensive coverage.

6. Share Expertise: Stay up to date on the latest security threats, vulnerabilities, and industry best practices, and ensure the integration of this knowledge into Binti’s security strategies. Act as our company’s expert on application security matters, providing mentorship to development teams and fostering a scalable, security-aware culture.

TECH STACK

• Ruby on Rails
• Redis
• Postgres, hosted with GCP
• Javascript (React + Node)
• Google Cloud
• Kubernetes
• Pulumi

SAMPLE PROJECTS

• Review and implement security patches and hotfixes in production applications.
• Implement streamlined feedback of security recommendations for new products before launch into the Binti platform.
• Improve the security of documents and files uploaded and downloaded on the platform.
• Analysis, scoping, and implementation of security improvements to better protect Personal Health Information and Personally Identifiable Information stored within the product.
• Improve notification and escalation of security concerns from third parties (such as security researchers).
• Integration of new and existing logging and alerting systems to centralized and/or decentralized Security Incident and Event Management (SIEM) platforms.
• Assess backlog of application-specific security tickets and provide recommendations for remediation.
• Support evidence collection for compliance frameworks such as SOC 2 Type II and HIPAA.

WHAT WE LOVE ABOUT YOU

• Technical Expertise: Proven experience as an Application Security Engineer or in a similar role. Strong technical background with experience in full-stack development, cloud computing, and scalable architecture. Proficiency in one or more OOP coding languages (Ruby, Python, Java, etc) is strongly preferred.

• Deep Understanding: Strong understanding and knowledge of web application security principles, common vulnerabilities, and best practices.

• Collaborative Approach: Excellent communication skills with the ability to simply convey complex security concepts to non-technical stakeholders and clearly articulate the relative risks and trade-offs.

• Product Orientation: Focused on keeping the company secure while ensuring the team can still ship products and deliver value to customers and users.

• Decisions That Scale: Experience cultivating a security-aware development culture that scales through mentorship and automation.

• Passion for Social Impact: A genuine interest in leveraging technology to address social challenges, with a strong sense of purpose in improving outcomes for children in need.

• Big plus - prior experience with GovTech or FedRamp.

FLEXIBILITY

We offer flexible scheduling for all team members. Ideal candidates will be open to working a schedule that allows real-time collaboration with the team.

LOCATION

This role is open to fully remote candidates authorized to work within the United States. If candidates are in the San Francisco Bay Area, we have an office in Oakland and you can work from the office.

BENEFITS & PERKS

• An above-market compensation package (salary + equity)
• Excellent medical, dental, vision, and life insurance - 99% of insurance premiums covered for you + your dependents
• Flexible vacation time to promote a healthy work-life blend
• 13 paid holidays; 11 federally observed holidays (including Juneteenth), plus Election Day and the day after Thanksgiving
• 16 weeks of paid parental bonding leave for the arrival of a newborn or newly placed infant
• Sick/mental health time separate from vacation days (accrue up to a cap of 160 hours)
• 4 weeks of sabbatical after 4 years of service at the company
• 401k, Commuter benefits, FSA, and DCSA with administration paid for
• $5,000 annual bonus for employees who volunteer as a CASA (court-appointed special advocates)
• $2,500 annual reimbursement for ongoing learning and development, with opportunities to attend trainings/conferences, on-site speaker series, and lunch and learns
• $300 reimbursement for virtual home office setup
• $50 a month remote work stipend to cover internet, electricity, home office setup costs or lunch/snacks with coworkers
• Paid jury duty

At Binti, we celebrate having a diverse team and believe our differences make us stronger. Binti is proud to be an equal-opportunity workplace and is an equal-opportunity employer. We welcome all qualified applicants to apply without regard to race, color, religion, gender, sexual orientation, age, national origin, disability, or protected Veteran status.