Staff Engineer

Our mission is to unlock the full potential of private markets. Privately owned assets like commercial real estate, private equity, and venture capital make up half of our financial ecosystem yet remain inaccessible to most people. We are digitizing these markets, and as a result, bringing efficiency, transparency, and access to one of the most productive corners of our financial ecosystem. If you care about making the world a better place by making markets work better through technology – all while contributing as a member of a values-driven organization – we want to hear from you.

Juniper Square offers employees a variety of ways to work, ranging from a fully remote experience to working full-time in one of our physical offices. We invest heavily in digital-first operations, allowing our teams to collaborate effectively across 27 U.S. states, 2 Canadian Provinces, India, Luxembourg, and England. We also have physical offices in San Francisco, New York City, Mumbai and Bangalore for employees who prefer to work in an office some or all of the time.

About your role

As a Staff Engineer - Application and Platform Security on our Platform Engineering team, you will play a critical role in ensuring the security of our platform and web-service services. This includes evaluating existing and new web services for security vulnerabilities, developing security best practices, and working closely with cross-functional teams to maintain a high standard of security across all layers of our applications.

• Conduct periodic, comprehensive, security assessments for internal and external web services. Identify, and drive remediation of, vulnerabilities.

• Participate in design reviews to assess and identify potential security vulnerabilities.

• Develop, implement, and manage security policies and best practices across application development.

• Manage all aspects of our quarterly security penetration testing and requirements in coordination with Development, DevOps and Security teams.

• Collaborate with Development and DevOps teams to integrate security within the CI/CD pipelines and advise on secure design practices.

• Perform static code analysis, vulnerability assessment, and monitoring using industry-leading security tools.

• Enhance our cloud security posture, specifically in AWS, EKS, and Kubernetes environments, to safeguard our infrastructure and applications.

• Improve our data security posture as the business evolves.

• Maintain and improve documentation on security policies, protocols, and training for continuous improvement and compliance readiness.

• Maintain and administer tooling to detect and respond to anomalous behavior on our critical product based systems.

• Devise and implement a plan for testing compliance of our edge networks across all our SDLC environments.

• Technical Expertise: 8+ years strong background in application security for both internal and external-facing web services.

• Programming: Proficiency in Python and/or JavaScript.

• Cloud Security: Experience with AWS, EKS, and Kubernetes.

• Authentication Mechanisms: Expert-level knowledge of authentication methods for web and mobile applications, and practical experience with their secure implementation.

• Security Tools: Proficiency with tools for static code analysis, vulnerability assessment, and application monitoring (e.g., OWASP ZAP, Burp Suite, Checkmarx, or similar).

• Cross-Functional Collaboration: Proven ability to work closely with Development and DevOps teams to foster secure coding practices and DevSecOps culture.
  

Desired Certifications (not required but a plus):

• Relevant certifications such as CISSP, OSCP, CEH, or AWS Certified Security Specialty.

• Knowledge of compliance requirements (e.g., SOC 2, PCI-DSS, GDPR) and experience in documenting security procedures and policies.