What are the responsibilities and job description for the Sr. Testing Engineer - Security position at AppFolio?
Hi, We’re AppFolio
We’re innovators, changemakers, and collaborators. We’re more than just a software company – we’re pioneers in cloud and AI who deliver magical experiences that make our customers’ lives easier. We’re revolutionizing how people do business in the real estate industry, and we want your ideas, enthusiasm, and passion to help us keep innovating.
The Senior Test Engineer - Security is responsible for developing, implementing, and maintaining an adversarial security test program to help ensure that AppFolio’s software products and features are secure for our customers.
Your impact
- Develop and maintain methodologies and procedures in support of a world-class adversarial security program
- Research, plan, and execute penetration testing and red team operations to identify software/network/cloud vulnerabilities and other weaknesses in security controls
- Communicate risks to stakeholders and software/network engineers, advocating for mitigation
Must have
- 7 or more years experience on a pen test team or red team
- Hands-on experience performing pen tests with web application penetration testing tools (e.g., Burp Proxy Suite, OWASP ZAP)
- Hands-on experience with multi-function penetration testing tools (e.g., Kali Linux, Metasploit, Nmap, Wireshark, Aircrack-ng)
- Hands-on experience identifying, rating, and triaging web application security vulnerabilities (such as the OWASP Top Ten)
- Hands-on experience developing adversary courses of action using MITRE ATT&CK or similar frameworks
- Hands-on experience executing penetration testing tactics, techniques, and procedures used to identify vulnerabilities in web applications, servers, cloud infrastructure, and on-premises network infrastructure
- Strong programming/scripting skills
- Experience delivering findings to stakeholders and consulting with teams to get vulnerabilities addressed
- Excellent verbal and written communication skills
- Data-driven decision making and teamwork skills
- Hands on experience building and growing a penetration testing program combined with a willingness to build and lead our team
- Strong organizational skills e.g. project management, time management
Nice to have
- Bachelor’s degree in Computer Science, Computer Engineering, or Electrical Engineering
- Certifications relevant to adversarial security testing, like CEH, Pentest , GPEN, and/or OSCP
Compensation & Benefits
The base salary/hourly wage that we reasonably expect to pay for this role is: $125,600-$157,000
The actual base salary/hourly wage for this role will be determined by a variety of factors, including but not limited to: the candidate’s skills, education, experience, etc.
Please note that base pay is one important aspect of a compelling Total Rewards package. The base pay range indicated here does not include any additional benefits or bonuses/commissions that you may be eligible for based on your role and/or employment type.
Regular full-time employees are eligible for benefits - see here.
Salary : $125,600 - $157,000
