Keeper Security is looking to advance its in-house application security program by hiring an Application Security Engineer to strengthen the security posture of its globally distributed platform through penetration testing, bug bounty management, and security research.
Requirements
- 5+ years of experience in application security or penetration testing roles
- 7+ years of experience with Java (backend) and React (frontend) for security testing and review
- Strong proficiency with tools such as Burp Suite, OWASP ZAP, Metasploit, or similar
- Solid understanding of web application security, OWASP Top 10, and secure coding practices
- Experience managing bug bounty programs (HackerOne, Bugcrowd, etc.)
- Familiarity with common application frameworks, APIs, and cloud-native environments
- Offensive Security certifications (OSCP, OSWE, or equivalent)
Responsibilities
- Perform internal application penetration testing and vulnerability assessments for Java- and React-based applications
- Collaborate with 3rd-party penetration testing firms and validate findings
- Own and manage Keeper’s bug bounty program, including triage and coordination with engineering teams
- Conduct security-focused R&D to identify emerging threats and recommend mitigations
- Work with development teams to integrate security into the SDLC and assist with remediation guidance
- Develop and maintain application security tooling, scripts, and automation where applicable
- Provide clear documentation and reporting of vulnerabilities, risks, and security recommendations
Other
- Strong analytical and problem-solving skills
- Excellent communication skills for working with developers and leadership
Keeper Security, Inc. is an equal opportunity employer and participant in the U.S. Federal E-Verify program. We celebrate diversity and are committed to creating an inclusive environment for all employees.