Software Engineer, Security

Gusto, San Francisco

It’s time to tame the chaos of payroll, benefits, and HR.

About Gusto
Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 100,000 businesses nationwide.
Our Payroll, Benefits, and HR software suite allows small businesses to move faster and gives them peace of mind about back-office tasks in their business.

We’re looking for talented and motivated application security engineers with 7+ years of experience. As part of our AppSec team, you will build tools that will help our product engineers effortlessly write code that keeps our customers’ information secure. If you’re interested in building secure software with far-reaching effects in our modern economy, join us!

Gusto processes billions of dollars in payroll for hundreds of thousands of employees. Additionally, our clients trust us with a huge amount of personally identifiable information (PII) and protected health information (PHI). Our customers put a lot of trust in us to be good stewards of this information. As a result, protecting our clients’ PII and PHI is one of the top considerations in anything we do at Gusto.

Here’s what you’ll do day-to-day:

  • Work with our product engineers to keep our web applications secure.
  • Develop easy-to-use tools and lightweight processes that will help our engineers seamlessly write secure code.
  • Be involved early in the software development life cycle so that security is built into our architecture.
  • Train engineering teams in secure coding best practices.
  • Research the latest threats and exploits and help our engineers secure the product against those threats.
  • Automate and integrate security into CI/CD pipelines, such as static code analysis and dynamic code analysis.
  • Run internal red team exercises.
  • Coordinate and manage third-party pen-testers and bug bounty programs.
  • Ensure proper management, encryption, and separation of secrets and keys.
  • Share our security learnings and best practices with the outside world, so we can make the world more secure.

Here’s what we’re looking for:

  • 7+ years of experience in an application security role.
  • Familiarity with cloud environments like AWS.
  • Familiarity with dynamic languages and modern web development frameworks. We use Ruby, JavaScript, Rails, and React.
  • A hands-on engineer who cares deeply about both the technological and social aspects of building a secure organization.
  • Ability to partner well with cross-functional stakeholders.
  • Always thinking about attack vectors through which PII and PHI can be compromised.
  • Relevant security certifications (OSCP, CEH, GPEN, CISSP, etc.) are a plus.

Learn more about the team:

Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto.

About Gusto

We are Gusto. Founded in 2011, Gusto provides payroll, benefits and HR to modern companies. We have offices in San Francisco and Denver, but thanks to our 40,000 small business customers and their employees, there’s a little piece of us in all 50 states. We believe that humans aren’t resources. When we come to work, we don’t leave our humanity at the door. We bring life with us: our feats and friendships, our adventures and aspirations. Great businesses treat us like people, not ID numbers. When that happens, work becomes a source of energy rather than fatigue. It creates a virtuous cycle where life improves work, and work improves our lives. That’s why we started Gusto. Our mission is to create a world where work empowers a better life.

Want to learn more about Gusto? Visit Gusto's website.