About ngrok Inc.
ngrok is simplified, API-first ingress-as-a-service trusted by over 5M developers to get their apps online faster and keep security happy. With one line of code, developers get instant ingress to services with authentication, observability, and other critical controls. All without provisioning legacy proxies, load balancers or VPNs. ngrok’s simplicity has made it a de-facto standard tool among developers, and the world’s top brands — including GitHub, Okta, Shopify, and Twilio — recommend it throughout their documentation.
Our employees are low-ego, curious learners with a passion for developer-first tooling. We use our engineering values (steward, replenish, engineer, and be there) to guide our work. As a company, we set aside an hour each fortnight for shared introspection about anxieties and excitement, both personal and professional. We’re building an inclusive, remote-first organization that sets each individual up to be their best self.
We believe the total addressable market for ngrok is in excess of $73 billion and are increasing our growth to capture that.
The opportunity
We are looking for an exceptional Lead Application Security Engineer to kickstart ngrok’s security engineering capabilities. This individual will be responsible for building a scalable application security program and ensuring the continuous security of ngrok products.
To succeed in this role, this engineer will need to drive security into development by performing architecture and design reviews, threat modeling, code reviews, and application security testing. They will need to develop partnerships with engineering and product teams to diagnose, document and remediate any security vulnerabilities identified. It will be important for this person to implement easy ways for developers to adopt secure development practices.
What you'll accomplish
Within 30 days
Assess the state of application security processes and tooling
Build relationships with key stakeholders
Understand ngrok’s goals and annual objectives. Deep dive on the product and engineering roadmaps
Begin building a long term plan to uplevel ngrok’s application security program
Within 6 months
Expand upon ngrok’s understanding of our security risk
Complete long term application security plan and begin executing against it
Facilitate baking security into our applications throughout the software development lifecycle
Perform security reviews and provide guidance for new products and existing systems. Work with engineering to detail any issues found, provide recommendations, and validate that they’ve been resolved.
Develop security tools and processes with an emphasis on self-service, automation, performance, and scalability.
Design, implement, and operate a secure development life cycle (design reviews, CI / CD integrations, bug bounty program).
Recommend and validate security improvements across our stack
Assist with customer / vendor / compliance security requirement implementation and assessments as needed.
Within 1 year
Determine the application security program strategy
Define and operationalize key success metrics for the app sec program
Create secure libraries and tooling as a foundation for our engineering teams as needed
Skills
5-10 years of experience in product or application security
Experience in assessing product features before release to ensure desired security posture
Experience in building application security capabilities in prior roles
Demonstrable knowledge of OWASP Top 10 and attack vectors and an understanding of container security (Kubernetes, Docker)
Comfortable with Go, Rust, TypeScript, and Terraform codebases
Good verbal and written communication skills that enable you to share and present your ideas with the engineering team
Prior experience in a startup with a passion for big challenges, technology and a good sense of humor
All candidates must be US-based, and legally authorized to work in the United States.
If your experience is close but doesn’t fulfill all requirements, please apply. ngrok is on a mission to build a special company. To achieve our goal, we are focused on hiring people with different backgrounds, perspectives, and experiences!
Benefits
Compensation for this role depends on level, but we provide a competitive mix of salary and equity.
We provide a 401(k) with a 100% match up to 3% of your salary and a 50% match up to another 2%.
We provide healthcare, dental, and vision with premiums fully covered on the base plan for employees. Half of premiums are covered for dependents.
We offer unlimited PTO and a culture in which the overwhelming majority of employees take more than four weeks. Your manager is also on the hook for encouraging you to do the same.