Senior Application Security Engineer II

Meet Upside:

We created Upside to transform brick-and-mortar commerce. Our technology uses the sophistication of online retail—profit measurement, attribution, and incrementality—to provide users with more value on their everyday purchases and brick-and-mortar businesses with new, profitable customers. We’ve helped millions of users earn 2 to 3 times more cashback than any other product, and hundreds of thousands of brick-and-mortar businesses earn measurable profit. Billions of dollars in commerce run through the Upside platform every year, and that value goes directly back to our retailer partners, the consumers they serve, and important sustainability initiatives.

The Impact You’ll Make:

You’ll report into the Director, Information Security and build relationships with technology stakeholders. You’ll leverage your knowledge of secure code practices and payment systems to identify and remediate application vulnerabilities. This individual contributor role will innovate for our AppSec team, increase our AppSec posture and enable our engineers to code safely.

Innovate with AI and deliver security solutions to mitigate application vulnerabilities

Run security code tests (SAST, SCA) and partner with engineers to remediate unsafe code

Create threat models and engage technology teams to review and document risks

Guide leadership on security architecture, design and best AppSec practices

Train and upskill engineers on safe coding and vulnerability management

Assist penetration testing initiatives and/or help manage bug bounties

Support administration of AWS Control Tower and IAM provisioning

Interact with the security community and keep aware of trends

Competencies You'll Need:

6+ years of application or product security inclusive of reviewing Python code

Experience with innovating and delivering solutions related to vulnerability management

Deep knowledge of AWS and Lambda security architecture and AWS Control Tower

Strong understanding and adoption of AI technologies

Bachelor’s degree in Computer Science or Engineering highly preferred

Exceptional customer service and people skills

Tools We Use:

Github Suite (Advanced Security, Actions, Copilot)

Python

Terraform

AWS Lambda, DynamoDB, S3, SNS, SQS, IAM, VPCs

ChatGPT

Snowflake

SQL

Location:

This hybrid role is based in our Austin, Chicago, DC, or NYC office. In-office attendance is required on Monday, Tuesday, and Thursday, and may increase based on project-based needs and changes to Upside’s in-office policy over time.

Compensation:

The U.S. base salary range for this full-time position is $200,000 - $221,000 + equity + benefits. The final starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. Your recruiter can share more about the specific salary range during the hiring process.

Benefits:

Medical, dental, and vision coverage starting on Day 1

Equity (ISOs)

401(k) program

Family planning programs + paid parental leave

Physical fitness and wellness memberships

Emotional and mental health support programs

Unlimited PTO + 10 paid federal holidays + our annual, week-long Winter Break

Flexible work environment

Lunch reimbursement for in-office employees

Employee Resource Groups

Learning and Development stipend

Transparent culture

Amazing mission!

Diversity and Inclusion:

Diversity drives innovation, and our differences make us stronger. We‘re passionate about building a workplace that represents a variety of backgrounds, skills, and perspectives, and we do not discriminate based on race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. Everyone is welcome here!

If there's anything we can do to support a disability or special need during your application or interview process, please email .

Notice To Recruiters And Placement Agencies:

This is an in-house search with a dedicated recruiter. Please do not submit resumes to any person or email address at Upside. Upside is not liable for, and will not pay, placement fees for candidates submitted by any party or agency other than its approved recruitment partners.