Job Description

• Remote, India

Apollo.io is the leading go-to-market solution for revenue teams, trusted by over 500,000 companies and millions of users globally, from rapidly growing startups to some of the world's largest enterprises. Apollo.io provides sales and marketing teams with easy access to verified contact data for over 270 million B2B contacts, along with tools to engage and convert these contacts in one unified platform. By helping revenue professionals find the most accurate contact information and automating the outreach process, Apollo.io turns prospects into customers. Apollo raised a series D in 2023 and is backed by top-tier investors, including Sequoia Capital, Bain Capital Ventures, and more, and counts the former President and COO of Hubspot, JD Sherman, among its board members. Apollo.io is growing rapidly, with 900% revenue growth since 2021, and is looking for world-class talent to keep building with us.

Your Role & Mission

The Senior Application Security Engineer will work with product and engineering to create a secure SDLC, design security features and implement tools, education and processes to reduce risk of security issues in the tech stack.

Responsibilities

• Select or build tooling to help developers build secure code
• Provide overall security architectural advice to Engineering and IT
• Manage issues sourced from penetration tests and bug bounty programs 
•  Participate in the security champions program
• Help Product, Engineering and IT incorporate security requirements into new products from inception
• Assist in the creation and maintenance of Security Risk Models for new projects and existing systems

Skills & Competencies

• 5+ Years of Web Application Security experience
• Strong experience with vulnerability management, or penetration testing is required.
• Extensive experience in conducting Architectural Reviews and Threat Models frequently is required. 
• Strong knowledge of common AppSec issues and tooling (e.g. SCA, SAST, DAST)
• Strong Linux knowledge is a plus. 
• Experience with cloud services, ideally GCP is plus. 
• Strong software development skills ideally in Ruby, Node Secondary
• Strong Communication and Influencing skills
• Should have worked in SaaS environment. 
• Should have extensive knowledge of Open Redirect, OAuth, and CSRF. 
• Certifications: OSCP/OSWE/CEH: At least 1 Certification is a plus.