Application Security Engineer, Product Security

Mural’s mission is to inspire teams to connect and innovate, while bringing purpose and intention to the craft of collaboration.

Founded in 2011, Mural is a leading innovator in visual collaboration for hybrid, remote, and distributed teams. We believe in what we build, and our team of more than 600 “Muralistas” around the world collaborate in the Mural® app. Our values guide our intentionally inclusive product and culture, which includes collaboration design education and a flexible monthly stipend for learning, wellness, and coworking.

Mural has raised $200M to date and is growing rapidly to fulfill our mission. The company is trusted by 95% of the Fortune 100, including innovative teams at IBM, Intuit, GitLab, Microsoft, and Atlassian.

The product security team plays a vital role in identifying and mitigating risks within the Mural product as well as partnering with other engineering teams to recommend product features that enhance security for our customers. 

As an Application Security Engineer, your role will involve executing the MURAL product security strategy. You will triage and validate public bug bounty submissions, as well as implement SAST test cases in the CI workflow. Collaborating closely with developers, you will work to expand security testing coverage and participate in security reviews of MURAL product features. Additionally, you will play a crucial role in educating and promoting secure coding best practices.

The top candidate will bring experience working with small to medium, high growth, global tech companies:

• Fair understanding of Linux, Networking, and Cryptography fundamentals
• Experience finding vulnerabilities in web applications
• Ability to understand the attacker's perspective
• Prior experience in vulnerability management with SAST/DAST automation
• Ability to read code in TypeScript/JavaScript
• Familiarity with NoSQL and its associated pitfalls
• Ability to code quick scripts / automations
• Excellent command of English, both written and verbal

• Understanding of web application and mobile application security risks
• Software development experience with Node.JS or other frameworks like React, Angular, etc.
• Experience with MongoDB, Ruby, and/or Python
• Fair understanding of Linux, Networking, and Cryptography fundamentals
• Experience with CI/CD pipelines

If you have participated in public or private Bug Bounty programs, or have any other open source or community contributions, presentations, or blog posts in the security space, please share it with us!

Tags