Application Security Engineer

Posted Aug 3

Overview

Onebrief makes military planning seamless and represents a shift in paradigm for future military decisions. It is an all-in-one tool that supports both the creative and process-oriented aspects of military planning. In Onebrief, planners use maps, boards, diagrams, timelines, tables, slide decks and text documents to create their plans—all while sharing a common database. Everything stays in sync, in real time. Our approach has been refined and validated through hundreds of user experiments.

We’re post-revenue ($5M+ in ARR), and our customers include some of the most prestigious military commands around the world. We are backed by Y Combinator (S21) and top-tier VCs, including Caffeinated Capital (Affirm, Docker, Notion, and more). Our elite team combines the best of tech and military talent, including education and experience at Google, Facebook, Twitter, Adobe, MIT, Harvard, Rivian, Delta Force, TOPGUN, and more.

We have a big year ahead of us and can barely keep up with demand. This is an opportunity for you to join us with all the perks of an early employee.

What you will achieve

As an App Security Engineer at Onebrief, you'll regularly assess security, code, and vulnerabilities, and work with the software team to address weaknesses. You'll help implement security policies and procedures according to standards, advise on secure architecture and software design, and keep up to date with the latest threats and technologies. You'll also train team members on best practices and respond to incidents.

About You

This is an opportunity for candidates who have experience with cloud security and container security; who have a strong understanding of application-level security, network security, and operating system security; and who are familiar with security frameworks and have experience with vulnerability management tools, penetration testing tools, and other security testing tools.

The ideal candidate will have a strong understanding of application security principles, how to embed security considerations into the Software Development Life Cycle (SDLC), the ability to read/write code, and a demonstrated track record of managing application security risks in a complex environment.

You will report directly to Dominic Pace, our CISO and Director of Technology Operations.

Relevant skills and technologies: Kubernetes, Docker, Helm, Ansible, Linux, VMware, AWS, TypeScript

Qualifications

  • Strong knowledge of application security principles, web vulnerabilities, and threat landscape
  • Familiarity with security frameworks (OWASP, SANS), security controls, and risk management methodologies
  • Proficiency in secure coding practices and experience with various programming languages
  • Strong understanding of CI/CD pipelines and where security checks should be applied
  • Experience with vulnerability management tools, static/dynamic analysis tools, and penetration testing tools
  • Minimum 3 years of experience in application security or related roles. Bachelor's or Master's degree in Computer Science, Information Security, or a related field is desirable
  • Certifications such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Offensive Security Certified Professional (OSCP) are a plus
  • Most importantly, you are a true Onebriefer:
  • You are obsessed with creating value for real users
  • You are ambitious, scrappy, and a creative problem-solver
  • You learn quickly, work iteratively, and naturally seek collaboration
  • You approach your work with integrity, intellectual honesty, and a low ego
  • You communicate frankly, clearly, and succinctly
  • You thrive as a self-starter, embracing autonomy and ambiguity
  • You are a U.S. citizen

About Us

Our team shares a mission, seeks excellence, and plays to win, with the seriousness and camaraderie of an Olympic team. We are in this together, not just because Onebrief will one day be 10x the size of Palantir. We are here to radically improve the future of military decisions, so that the coming decades don’t repeat the previous ones.

Here’s what our team members value most about working here:

  • Founders' transparency
  • Product and vision
  • Nimble leadership
  • Challenges and learning opportunities
  • Ownership and autonomy
  • No-nonsense policies and procedures
  • Remote-first

What's in it for you

  • $130k-$180k salary/year
  • Equity
  • Remote work, flex time, and unlimited PTO
  • Health, dental, vision, and life insurance
  • 401k
  • Parental leave