Application Security Tester

About Gusto

Gusto is a modern, online people platform that helps small businesses take care of their teams. On top of full-service payroll, Gusto offers health insurance, 401(k)s, expert HR, and team management tools. Today, Gusto offices in Denver, San Francisco, and New York serve more than 400,000 businesses nationwide.

Our mission is to create a world where work empowers a better life, and it starts right here at Gusto. That’s why we’re committed to building a collaborative and inclusive workplace, both physically and virtually. Learn more about our Total Rewards philosophy. 

About the Role:

As an Application Security Tester you will be a part of the Security Partners team at Gusto, you will be helping us keep our customers secure by proactively identifying vulnerabilities in our applications. The role will be focused on completing comprehensive security assessments of internally-developed web, mobile, AI, and API applications, from testing plan creation through to code review and vulnerability reporting to development teams.

About the Team:

The Security Partners team at Gusto acts as a crucial bridge between Product Development and Security, advocating for both sides to ensure secure product development. Their mission is to provide timely, trustworthy, and actionable security advice that mitigates overall risk while supporting the rapid pace of product development. They also serve as the consistent point of contact for all product security concerns.

Here’s what you’ll do day-to-day:

• Design and implement testing plans for new features and applications.
• Perform independent security assessments of internally developed web, mobile, AI, and API applications.
• Clearly document and communicate vulnerability findings to product development teams.
• Develop and maintain automated security testing tools.
• Perform code reviews on new and existing codebases.
• Stay up-to-date with the latest security threats, vulnerabilities, and attack techniques.

Here’s what we're looking for:

• 4+ years of experience in penetration testing and application security.
• Ability to effectively apply security testing methodologies.
• Deep understanding of web application security and vulnerabilities (XSS, SQL injection, CSRF, etc.)
• Familiarity with AI security threats (prompt injection, model abuse, etc.)
• Passion for learning and staying up-to-date with the latest security threats, vulnerabilities, and tools.
• Proficiency in Ruby, Python, and/or Javascript.
• Familiarity with REST and GraphQL.

Our cash compensation amount for this role is $147,000-164,000/yr in Denver & most major metro locations, and $178,000-199,000 for San Francisco & New York. Final offer amounts are determined by multiple factors including candidate location, experience and expertise and may vary from the amounts listed above.

Gusto has physical office spaces in Denver, San Francisco, and New York City. Employees who are based in those locations will be expected to work from the office on designated days approximately 2-3 days per week (or more depending on role). The same office expectations apply to all Symmetry roles, Gusto's subsidiary, whose physical office is in Scottsdale.

Note: The San Francisco office expectations encompass both the San Francisco and San Jose metro areas. 

When approved to work from a location other than a Gusto office, a secure, reliable, and consistent internet connection is required.

Our customers come from all walks of life and so do we. We hire great people from a wide variety of backgrounds, not just because it's the right thing to do, but because it makes our company stronger. If you share our values and our enthusiasm for small businesses, you will find a home at Gusto. 

Gusto is proud to be an equal opportunity employer. We do not discriminate in hiring or any employment decision based on race, color, religion, national origin, age, sex (including pregnancy, childbirth, or related medical conditions), marital status, ancestry, physical or mental disability, genetic information, veteran status, gender identity or expression, sexual orientation, or other applicable legally protected characteristic. Gusto considers qualified applicants with criminal histories, consistent with applicable federal, state and local law. Gusto is also committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. We want to see our candidates perform to the best of their ability. If you require a medical or religious accommodation at any time throughout your candidate journey, please fill out this form and a member of our team will get in touch with you.

Gusto takes security and protection of your personal information very seriously. Please review our Fraudulent Activity Disclaimer.