The engineering team at Root strives to be one of the most transformative engineering teams ever. We’re changing the way an industry works by leveraging technology and data to build the best products possible. Even with our significant growth, we operate in small teams that are given ownership over projects and results. We’ve found that the people closest to the problems are the best at solving them. We’re actively hiring Engineers remotely and excited to announce that Root is a “work where it works best” company. Meaning we will support you working in whatever location that works best for you across the US. We will continue to have our headquarters in Columbus and offices in other locations to give more flexibility and more choice about how we live and work.

 

Our tech stack includes:

Ruby / Rails backend, RSpec for testing

Javascript / React Native frontend, Mocha for testing

Small amounts of native iOS and Android

Deployment to AWS ECS using containers

Buildkite for CI

 

We’re scaling rapidly, and we recently launched a $6B IPO:

https://www.nasdaq.com/articles/root-insurance-ipo-poised-to-disrupt-the-insurance-market-2020-10-30

 

Our team excels at delivering software to solve the problems in front of us at Root: presently, a suite of world-class mobile, web, and server-based products obsessed with the customer experience. We’ve shaped our team and process around this; we know that constant iteration and experimentation produce the best results.

 

For more information on engineering at Root see root.engineering

We divide the areas of responsibility for engineers into three major areas:

Technical: The skills and knowledge that make up an engineer’s basic problem-solving toolbox.

Planning and Execution: The ability to plan and execute assigned work beyond basic technical solutions.

Working with Others: The ability to work effectively with other engineers and people in other functions.

 

What we look for in Application Security Engineers:

Technical Skills

  • Knowledge of securing both web and mobile applications against common issues (including OWASP Top 10
  • Writes clean, functional, well-tested code
  • Experienced with several programming paradigms
  • Deep understanding of client-server architecture and web technologies
  • Solid knowledge of continuous integration pipelines and automating security feedback
  • Building, executing, and documenting a Secure Software Development Lifecycle
  • Performs design and code reviews to identify risk and assist developers in improving overall product security
  • Integrates security test automation and tooling within CI/CD pipelines

Planning and Execution

  • Completes large pre-planned tasks in an efficient manner
  • Able to take on unplanned work and bug fixes
  • Understands and takes business goals into account when making technical decisions
  • Develops and manages a bug bounty program in partnership with external service providers
  • Coordinates and drives remediation of identified vulnerabilities and control deficiencies

Working with Others

  • Able to work across teams to tackle complex issues
  • Works with engineers to coach them on finding and fixing security bugs
  • Can teach secure coding techniques and methods
  • Work closely with Product and Engineering teams to deliver secure, high-quality features
  • Partner with the business to establish application and product security standards and secure coding practices

 

Skills

Web Application Security
Mobile Application Software
Application Development