WHO WE ARE:
ActBlue is a nonprofit that builds tech and infrastructure for Democratic campaigns, progressive-aligned causes, and people trying to make an impact in order to fuel long-term, people-powered change. If you’ve ever given online to a Democrat or progressive organization, chances are you’ve used our powerful online fundraising platform.
We put power in the hands of small-dollar donors and help thousands of groups — from presidential candidates to environmental organizations — build grassroots movements. We envision a democracy where everyone looking to make progressive people-powered change can easily and effectively deploy their resources, energy, and creativity to shape our country and futures. Each and every one of us, from the political activists to the tech innovators to the customer service pros, is fully committed to our mission.
We are looking for an Application Security Manager who will lead our team of application security experts, as well as own and drive our Application Security program forward. The ideal candidate will have an expert understanding of Web Application Security and a broad understanding of the wider area of Information Security. You will be responsible for setting the strategy of the team, prioritizing proactive defenses, and performing operational tasks to keep us safe from ever-evolving attacks.
We offer autonomy, responsibility, and amazing in-office and remote colleagues geeking out about politics and tech all day, plus generous benefits. You could work remotely from anywhere in the US, or from our Boston area office in Davis Square.
WHAT YOU WILL DO:
- Oversee a team of Application Security Engineers, who are tasked with securing our mission-critical web applications using proactive defenses and real-time monitoring and response.
- Develop a robust web app security strategy that adapts to ever-changing threats.
- Work closely with our Engineering teams to shift security left and ensure developers have the resources they need to deploy secure code by default.
- Manage the security code review process, utilizing a combination of static analysis, manual review, and dynamic analysis.
- Enlist third-party web application penetration testing experts to periodically assess our web applications.
- Manage the acquisition and deployment of tooling and automation for application security including SAST/DAST and dependency vulnerability tools.
- Manage our external bug bounty program.
WHAT YOU BRING:
- A strong background in Web Application Security
- Experience managing and growing a dedicated application security team
- Threat modeling and incident response experience
- A deep interest in following the latest industry advancements in software security
- Knowledge of attacker tactics, techniques, and procedures, and their corresponding mitigation methods
LOCATION AND COMPENSATION:
This posting is for a full-time, remote, salaried position. ActBlue is currently authorized to support remote work employees in California, Colorado, Florida, Georgia, Illinois, Maryland, Massachusetts, Michigan, Minnesota, New Hampshire, New York, Oregon, Pennsylvania, Rhode Island, South Carolina, Texas, Utah, Vermont, Virginia, Washington, Washington D.C., and Wisconsin.
Salary Range: We offer a competitive salary and a generous compensation package, which includes the benefits listed below:
- Flexible work schedules and an unlimited time-off policy
- Fully paid and trans-inclusive health, dental, and vision insurance for employees and their families
- Automatic 2% 401K contribution, plus up to 6% match
- Three months paid parental leave for all new parents, adoptions included; 4 weeks of a fully paid flexible work schedule; plus an additional one week of paid leave and an additional one week of flexible work schedule for every full year the employee has worked for ActBlue
- Commuter or home-office benefits, including a $1,000 home-office setup allowance for all new full-time remote employees
- Additional perks including monthly snack deliveries and digital subscriptions to the Boston Globe & New York Times
ActBlue is unable to sponsor work visas at this time.
Women, people of color, LGBTQIA2S+ individuals, and members of other minority or marginalized groups are strongly encouraged to apply. ActBlue is an equal opportunity employer and does not discriminate against candidates on the basis of race, ethnicity, religion, sex, gender, sexual orientation, gender identity, disability status, or veteran status.
ActBlue is also committed to providing reasonable accommodations to individuals with disabilities throughout the interview and employment process, including using our online system to apply for a position.
OUR ENGINEERING VALUES:
- We believe that ideas are more important than technologies.
- We understand that the tools we build have real-world consequences for millions of people and take that responsibility seriously.
- Security is at the center of everything we do. We are always on the lookout for ways to further harden our platform.
- We know that code isn’t just a set of instructions for machines, but communication with other humans; style, elegance, and respect are important.
- We believe that an ability to balance paying off technical debt and rapidly completing a project contributes to the health of the codebase, engineering team, and organization.
- We believe that being correct isn’t enough; respect for your colleagues and users is fundamental.