Application Security Engineer


Kyiv, UA
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 02/21/2021
  • Website:
  • Company Address: 548 Market Street, #35410, San Francisco, CA, 94104

About Grammarly

Grammarly’s digital writing assistant helps more than 20 million people write more clearly and effectively every day. In building a product that scales across multiple platforms and devices, Grammarly works to empower users whenever and wherever they communicate.

Job Description

The Opportunity

At Grammarly, we believe that everyone should be heard and understood. We know that clear and effective communication improves people’s lives. We also know that we want to help everyone improve their communication. That’s why we’ve built an AI-powered communication assistant—to help the world’s 2 billion English speakers feel heard. So far, we’ve created a product that reaches more than 20 million people every day. Join us to reach the next 100 million.

As an engineer in Grammarly AppSec Team, you will have a substantial impact on the security of Grammarly product family and cloud infrastructure behind it. We are looking for engineers eager to find bugs and vulnerabilities in the code, conduct black-box and white-box testing of different products and features.What You Will Accomplish

  • Serve as the subject matter expert for application security, providing guidance to Engineering and Product teams. Develop secure system design and secure coding recommendations. 
  • Design and implement SDLC practices including code reviews, static/dynamic code analysis, and vulnerability assessments. Actively participate in the “security champions” initiative and provide security training to engineering teams. 
  • Perform security testing on our internal and external applications, including performing security code reviews, vulnerability assessments,  and exploit development, as well as documenting the outcomes of the research.
  • Manage Grammarly bug bounty and drive different program initiatives and promotions.
  • Integrate SAST/DAST in CI/CD and operational pipelines. Create and manage tools (e.g., web security scanners) to help test and monitor product security.

Talents You Bring to the Team

  • You embody our EAGER values (Ethical, Adaptable, Gritty, Empathetic, Remarkable).
  • Minimum of two years in application security or related field.
  • Knowledge of programming languages (JS, Java, Python, Go). 
  • Familiarity with software development methodologies, processes, and tools. 
  • Familiarity with modern DevOps practices and tools.
  • Working experience with application security tools like BurpSuite, OWASP ZAP, Metasploit, etc.Nice to have experience:
  • Participation in bug bounty programs and security research.
  • Practical experience with device management, access provision, access management.
  • Prior experience in continuous security cycle implementation for web applications.
  • Knowledge of networking principles, macOS/Linux/Windows platforms.
  • Experience with malware analysis; reverse engineering is also a plus.
  • Experience with AWS (or other cloud platforms).

What Grammarly Offers You

  • Big goals, challenging work, fast learning cycles, practical training, and meaningful feedback.
  • Project exposure and ownership that impacts our world, users, product, colleagues, and business.
  • Healthcare, communication coaching, and great coworkers!

About Grammarly

The diverse experiences, ideas, and identities of Grammarly’s team members help us make better decisions and drive great results for our users. We foster an inclusive work environment that welcomes team members of all backgrounds and perspectives. As an equal opportunity employer, we evaluate candidates based solely on talents, skills, and knowledge.

Related Jobs

Technical Sourcer

Grammarly - Kyiv, UA

Application Security Engineer

Grammarly - Kyiv, UA

Software Engineer, Machine Learning

Grammarly - San Francisco, CA, US

Data Scientist

Grammarly - San Francisco, CA, US

Senior Technical Recruiter

Grammarly - Kyiv, UA
Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.