We're revolutionizing the fitness & wellness industry, and we’re looking for talented people to help us do it. Mindbody + ClassPass bring together the best of both sides of the market: Mindbody is the industry’s most trusted all-in-one technology platform; ClassPass is one of the most popular apps for fitness & self-care enthusiasts. Together we’re partnering with more than 70,000 fitness studios, gyms, salons, and spas around the world. We’re not just another tech company—we’re far and away the leader of our industry. So join the team, work with mission-led people, and enjoy amazing benefits. Let’s see what we can accomplish together!
Who we areWe are a dedicated team of product security engineers committed to developing and supporting ground-breaking products. Together we’ll work to safeguard the future, enabling wellness businesses worldwide to empower their customers to lead healthy lives. Driven by a higher purpose, we continuously challenge ourselves and our organization to excel, recognizing the strength that comes from collaborative efforts toward a common objective. We are strong advocates for a diverse workplace, fostering an environment where individuals can bring their authentic selves to contribute to our shared success. At the core of our achievements is a deep belief in the value of our people. If you share our passion and vision, we invite you to consider joining our team, as together, we can explore remarkable feats and make a lasting impact!
Your roleAs a Product Security Engineer III, you will be responsible for contributing to the success of the Product Security team in several key areas. You’ll work to reduce security friction across engineering by fostering partnership and collaboration to enhance our security posture. Security enablement will be a crucial aspect of your responsibilities involving implementation and administration of security tools. Lastly, you’ll play a vital role in establishing continuous security testing, measurability, and reporting on the impact of security initiatives.
You’ll pursue continuous improvement to help Mindbody achieve its mission: Powering the world’s fitness and wellness businesses and connecting them with more consumers, more effectively, than anyone else.
You'll likely spend time working onActively participate in security activities covering all phases of the Secure Software Development Lifecycle (SSDLC).
Fully engage in every facet of vulnerability assessments and threat management, encompassing penetration testing, validation, and report generation.
Configure and administer Product Security tools and technologies.
Collaborate with security champions and product engineers to seamlessly integrate security processes and technology across product and enterprise environments.
Be responsible for developing and maintaining security documentation and reports derived from penetration testing activities and product security tools. · Administer, interpret, and triage results from a variety of security tools and data sources including SAST, SCA, DAST, observability, vulnerability management, and cloud security platforms.
Devise and execute effective remediation initiatives in collaboration with the product owners.
Support and evangelize DevSecOps methodologies and frameworks in cloud and enterprise environments.
About the right team memberYou are an intellectually curious engineer, who is passionate about creating impactful security solutions and who is excited to share them with others using your excellent verbal and written communication skills. You are an AppSec expert, and you know OWASP is more than a top 10 list. You have previous development experience and are eager to apply those skills to grow Product Security while working with fellow team members, security champions, and others across the broader Product Development and Engineering organization. You can lead some initiatives and work independently.
You'll thrive in this role with experience inStrong experience in information security and/or engineering technology experience.Experience in application security experience administering SAST, SCA, and DAST tools while additionally possessing the ability to interpret and remediate findings.Experience in years penetration testing experience with web and mobile applications.Experience with network proxies and penetration testing tools or aids, such as Burp Suite, Metasploit, Nmap, and Wireshark.Advanced knowledge of software security development practices.Advanced knowledge of cloud networking and cloud security concepts.Experience with one or more of the following programming languages: JavaScript, Python, C#, ASP, .NET, Java, Kotlin.Direct experience in guiding software engineering teams through security best practices and defining security requirements.Proficiency with container runtimes, IAC, and WAF.SaaS or software industry experience and security-related certifications are a plus.Have we piqued your curiosity?Sound like the role for you? We’d love to hear from you! Even if you’re not 100% sure about potential fit, we still encourage you to apply. We’re looking for the right person, not the perfect series of checkboxes.
Mindbody is an Equal Opportunity Employer. We highly value diversity at our company and encourage people of all different backgrounds, experiences, abilities and perspectives to apply. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status, or other protected characteristics.
By entering your email and phone number and submitting your application, you consent to receive emails, calls and SMS about your application and other roles at Mindbody, including by auto-dialer. Message and data rates may apply. Opt-out or text STOP to cancel at any time. If you are a California resident or reside outside the United States then by submitting your application you confirm that you have read, understood, agree and - where applicable - grant your prior, free, informed and express consent for the processing of your personal information, including sensitive personal information, as described in our California Applicant Privacy Notice or International Applicant Privacy Notice (as applicable).