Sorry. This page is not yet translated.

Brings your life's work together in one digital workspace for storing and sharing.

Application Security Engineer
Redwood City, CA, US
Job Description / Skills Required

The Evernote security team is looking for an application security engineer to join our growing security team. If you like finding security bugs in code, this is the role for you. We use a diverse number of technologies across our web backend and our native clients. You’ll have the opportunity to find security bugs in all of them! You’ll also get to work directly with software engineers to prioritize those bugs, recommend ways to fix them, and validate those fixes.

We also support a community of security researchers that help make Evernote a safer product and service. Chances are you might already be one, and by joining our team, you get to help run our vulnerability disclosure program and work closely with other researchers like yourself.

You’ll be joining a team of senior security professionals that are passionate about providing practical security guidance across the entire company, including our production environment. Our customers trust us with billions of their notes, projects, and ideas and we are here to protect them.

Perform code analysis across all platforms to find security bugs
Develop new processes and tools to identify security flaws in code
Provide detailed and practical bug fix guidance to our engineering teams
Increase our team’s integration into Evernote’s software development lifecycle
Participate in software architecture design discussions
Participate in software feature review discussions
Perform attack surface analysis and lead application security threat modeling exercises
Publish practical secure coding practices for development teams
Teach developers application security fundamentals

BA/BS in Computer Science or equivalent software engineering experience
Skills finding security bugs in several languages, including Java, Javascript, PHP, ObjC, and C++
Understanding of web services architecture and protecting public APIs
Intimately familiar with OWASP Top 10, including detection and prevention mechanisms
Experience in application penetration testing
Experience integrating security into a software development lifecycle
Solid cryptography fundamentals
Experience with code analysis tools
Up-to-date knowledge of the application security threat landscape
Pragmatic approach to security issue prioritization & remediation
We are committed to an inclusive and diverse Evernote. We believe that different perspectives lead to better ideas, and better ideas allow us to better understand the needs and interests of our diverse, global Evernote Community. We welcome people of different backgrounds, experiences, abilities and perspectives and are an equal opportunity employer.
Perks & Benefits

Competitive compensation and equity
Catered lunches, snacks, and beverages
Generous paid time off (PTO)
Great health insurance, dental, vision, and life insurance
Onsite perks: Fitness center, bootcamp, and chair massages
Transportation: Free Caltrain Go Pass and SF shuttle
Fun and entertainment: Tea Time Tuesdays, Iced Coffee Thursdays, Beer o’Clock Fridays