InVision is the world's leading product design platform, powering the future of digital product design through our deep understanding of the dynamics of collaboration. We provide two million people with the power to prototype, review, refine, manage and user test web and mobile products. InVision drives the product design process at leading Fortune 100 companies, including at Disney, IBM, Walmart, Apple, Verizon and General Motors. Backed by Accel, ICONIQ Capital, FirstMark Capital, Tiger Global and others. InVision is a distributed team with over 350 employees around the world.

Our development flow is designed and built for maximum speed and velocity. As such, we have an application security team heavily focused on identifying and remediating application and mobile vulnerabilities. You will be part of a team that has an opportunity to work across a wide range of products and services, working with and communicating across all teams in technology and responding to internal and external stakeholders. You will have an opportunity to identify security enhancement and cutting edge features that are attractive and desirable to our customer base.

You will contribute to an environment that enables you to do your best work, and you’ll do it with the tools you need to be successful. We empower our security team to be critical thinkers and thought leaders. We have a highly talented team you will work with and leverage to effectively assess and mitigate risk and prolific threats our organization and customers face.

As Part of The Team, You will be:

• Identifying and work to resolve any and all user-data vulnerabilities like Cross-Site Scripting attacks, brute force attacks, leakage of Personal Identification Information (PII), and ensuring that as much of our API surface area (as can be reasonably expected) is protected by request forgery mechanisms.
• Interfacing with bug bounty programs to identify, reproduce, remediate and test emergent vulnerabilities in our application source code.
• Work with the product team to evolve, design, implement new security measures like Two-Factor Authentication (2FA).
• Research the cost and effort associated with implementing new security requirements and audit resolution.
• Application and mobile (ios/android) vulnerability testing and remediation
• Assist in internal penetration tests and working with independent and customer pen test teams
• You will frequently interface with other Product Engineering teams and Platform Service teams to take assess the security or InVision’s own product and services.
• Every day offers a variety of work, an opportunity to contribute new ideas, and the ability to share your knowledge through blog posts and presentations.

What You’ll Need to Join Us:

• Expert knowledge of application vulnerabilities. OWASP top 10 is a good place to start but understanding that there are over 600 distinctly different types of coding vulnerabilities
• Ability to debug hard problems at every level of the stack; can debug a web application problem single-handedly all the way from the browser, through the transport, through the application and servers and databases and asynchronous queues. Not afraid of logs and core dumps.
• Strong knowledge and understanding of mobile applications and the ability to test the security of iOS and Android apps
• Application security testing skills with tools such as Kali (suite), Metasploit, Burp, Acunetix, Netsparker, Appspider, Wireshark and more
• Ability to work with a number of development teams and independent security researchers to understand and resolve vulnerabilities
• Motivation to understand the business and our users, their requirements, and deliver results.
• Passion for continued learning and achieving personal goals through developer community involvement and contributions.

Benefits:

InVision offers an incredibly unique work environment. The company employs a diverse team all over the world. In the United States we have teams including hubs in New York, San Francisco, Austin, Portland, and Boston. Each InVision team member is given the freedom and tools to do their best work from wherever they choose. Among our benefits we offer competitive health plans, 401k, a flexible vacation policy, unlimited Starbucks cards for each employee, and unlimited books related to your profession.

InVision is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. If you have a disability or special need that requires accommodation, please let us know.