Sr. Security Engineer

Aha! is seeking a Sr. Security Engineer to join its fully remote engineering team, focused on web application security. The role involves identifying threats, improving security tools, contributing to scanning and testing, and developing secure patterns. Candidates should have deep knowledge of vulnerabilities, multitenant architectures, and experience with security reviews and tools like CodeQL or Burp Suite. This position is for a highly productive team centered in North American time zones, emphasizing collaboration and continuous improvement.

Must Have

• Four+ years of experience in application security
• Deep knowledge of web application vulnerabilities and mitigations
• Familiarity with securing data in multitenant architectures
• Experience with security reviews or threat modeling for full-stack web applications
• Experience with security tools such as CodeQL or Burp Suite
• Identifying application security threats and mitigations early
• Improving and maintaining security code scanning tools
• Contributing to application security scanning or testing
• Developing and sharing secure patterns internally

Good to Have

• Experience with Ruby on Rails

Perks & Benefits

• Profit sharing
• Retirement contributions
• Medical, dental, and vision plans (100% premium coverage for many)
• Up to 200 hours of paid time off annually
• 30 to 90 days of paid parental leave
• Five to 10 days of paid care and bereavement leave
• Up to $1,000 annually for third-party education and paid time off for learning
• Volunteer opportunities

Engineering at Aha!

Aha! is the world's #1 product development software. We help more than 1 million product builders go from discovery to delivery and bring their strategy to life. Our suite of tools includes Aha! Roadmaps, Aha! Discovery, Aha! Ideas, Aha! Whiteboards, Aha! Knowledge, Aha! Teamwork, and Aha! Develop. Product teams rely on our expertise, guided templates, and training programs via Aha! Academy to be their best. We are proud to be a very different type of high-growth SaaS company. The business is self-funded, profitable, and 100% remote. We are recognized as one of the best fully remote companies to work for, champion the Bootstrap Movement, and have given over $1M to people in need through Aha! Cares. Learn more at www.aha.io.

Our team

The engineering team is a midsized, fully remote group that is highly productive. We are centered around North American time zones so we can collaborate during the workday.

• We help each other grow: We each bring unique skills to the table and want our teammates to feel valued from the start. Our onboarding program exposes new hires to the codebase and lets them contribute right away.
• We move quickly: We ship code multiple times a day. We believe in getting valuable features in front of customers and iteratively improving as we learn what works and what does not.
• We value product over process: We want the team to have the time and focus needed to solve complex challenges. We minimize overhead by setting clear goals and avoiding heavyweight processes and excessive meetings.
• We share knowledge freely: We share our learnings with one another and with the developer community. Our engineering blog demonstrates how we tackle interesting challenges at Aha!
• We enjoy: We like what we do. And we want you to love your team and your job too. Learn more about The Responsive Method, our company values, and the generous benefits we offer.

Our technology

Our web application is a single-instance, multitenant Ruby on Rails monolith supported by Postgres (database), Redis (background jobs), Kafka (event processing), and Memcached (Rails caching). We also run a Node.js webserver to support collaborative editing and real-time updates. Our application is hosted on Amazon Web Services and architected with ECS for reproducibility and scalability.

We use a growing amount of React on the front end to build rich client-side experiences, including our fully collaborative text editor and slide presentation editor. We balance the strengths of both technologies: Rails for its conventions and simplicity and React for more powerful interactive functionality.

Teammates embrace the new technologies that help us deliver a lovable product suite, but we also remain cognizant of the maintenance overhead a new library or platform brings. We solve the problems in front of us — rather than prematurely optimizing to address issues that might never materialize.

We do most of our planning and collaboration in Aha! Roadmaps and built Aha! Develop so software engineers and their teams can take advantage of those same rich features. We use Slack and Zoom for video calls. (Email? Rarely.)

Your experience

The primary focus of this role is web application security, so you should be deeply knowledgeable about vulnerabilities and mitigations. You are familiar with securing data in multitenant architectures and have helped engineers build secure applications.

We believe that being a kind person who elevates the rest of the team is just as valuable as writing great code. You are humble, eager to learn, and always willing to help others. You want teammates who enjoy solving problems, regardless of the technologies and techniques involved. You have worked at meaningful scale before and want to do so again. You also have the following experience and skills:

• Four+ years of experience working in application security
• Active collaborator with engineering and product teams
• Experience with security reviews or threat modeling for a full-stack web application
• Experience with security tools such as CodeQL or Burp Suite
• Experience with Ruby on Rails is a plus

Your work at Aha!

The security team works across our suite of products and provides guidance for the larger engineering team across the full stack. We are passionate about data security and helping each other. As a Senior Security Engineer, your work will include:

• Identifying application security threats and mitigations early
• Improving and maintaining security code scanning tools
• Contributing to application security scanning or testing
• Developing and sharing secure patterns internally for ongoing education

If the Sr. Security Engineer role sounds appealing, we would love to hear from you. (A real human reviews every application.)

Grow with us

Everyone deserves to reach their fullest potential. We know that when we do work that matters with people we care about in a high-growth environment, we feel engaged and alive. It is why we joined Aha! and how we achieve our very best.

We offer all the benefits you would expect and more, including profit sharing. The specific benefits listed below are reflective of what we offer U.S.-based hires. We also do our best to extend identical benefits to international teammates.

• The base salary range for this role in the U.S. is between $110,000 and $190,000
• Cash-based compensation also includes profit sharing, and we contribute a percentage of your total pay each month toward your retirement
• Medical, dental, and vision plans (for many teammates, we cover 100% of the premiums)
• Up to 200 hours of paid time off a year to spend however you want
• 30 to 90 days of paid parental leave and five to 10 days of paid care and bereavement leave
• Up to $1,000 annually for third-party education, along with paid time off to immerse yourself in learning
• Volunteer opportunities throughout the year

Base salary and total compensation are dependent upon many factors, including skills, experience, and relevant past roles.

#LI-REMOTE

We are building a distributed team, and you can work from anywhere in North America or South America for this role. We offer generous salary, equity, benefits, and a profit-sharing program. See other openings at Aha!

It is important to us to have authentic conversations with candidates. This helps us understand and value each candidate's skills, experiences, and ambition. For these reasons, we do not allow candidates to use AI tools during interviews without our prior approval. Please let us know if you have any questions.

Diversity

We are committed to hiring, promoting, and compensating employees based on their qualifications and demonstrated ability to perform job responsibilities. As an equal opportunity employer, Aha! welcomes all employees and applicants, without regard to age, race, color, national origin, physical or mental disability, gender, religion, sexual orientation, gender identity, marital or veteran status, condition of pregnancy, or any other legally protected characteristic. Learn more about diversity and inclusion at Aha!

Find out what makes us different. It's Lovability.

------------------------------------------------------------------------------------

Read the bestselling book by Aha! co-founder and CEO Brian de Haaff.

Build lovable products

Try Aha! software for free

Start free trial

Join a demo