Application Security Engineer

Application Security Engineer

Vacancy expired!

We are currently looking for an Application Security Senior Software Engineer who will
become a security evangelist, capable of translating security language and
requirements into language that is meaningful to many audiences, including business
and technical leaders, and individual contributors. You will help us build tools that
enable our teams to be more self-sufficient delivering secure and scalable software.
We want our secure computing policies and controls to be automated and embedded in
the way we work, and you will be responsible for finding ways to make sure the way we
build, deploy and operate our SaaS platform adheres to our standards. We have some
of the industry?s most talented, technical, and capable engineering teams, so being able
to clearly communicate our AppSec vision and gain adherence by influence is a must.
You will be part of a small and dedicated team day to day, but you will collaborate and
work with all teams to help us realize our security program goals.

Responsibilities
Integrate security tools, standards, policies, controls and processes into the Software Development Lifecycle (SDLC) for all teams
Develop and integrate software and tools to gain insights into secure development practices and compliance
Support application security tool deployments
Develop secure development standard documentation and training
Support security incident response and provide expertise in remediation
Support application architecture review process when security expertise is required
Support cadence and execution of penetration testing services, including preparation of executive summaries for both internal and external parties
Support security-related services or software vendor evaluation and ensure 3rd party meets security standards
Develop or integrate metrics reporting tools to track the state of application security program and performance of development teams against requirements
Review documentation, code, and processes with an eye towards continuous improvement and risk mitigation

Minimum Qualifications
BA/BS in Computer Science or related technical field or equivalent practical experience.
3+ years experience building highly-scalable customer facing applications.
Proficiency in at least two programming languages, including at least one dynamic language such as JavaScript or Python
Familiarity with industry standards and regulations such as PCI, SOX, and ISO27001
Experience with common software development process tools such as Jira, Git, Maven, Npm, Jenkins, Trello, Confluence
Experience with common automated security analysis tools such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis)
Experience with unit testing frameworks and tools such as Jest, JUnit, Mocha/Chai
Familiar with agile development processes with experience integrating secure development practices

Preferred Qualifications
Experience supporting tools and processes for secure web applications on AWS and AWS Lambda.
Experience with automated deployment tools such as CloudFormation, CDK, and/or Serverless.
Experience with end-to-end testing frameworks.
Experience analyzing application and cloud environment security standards.
Exceptional written and oral communication skills