Application Security Engineer
Vacancy expired!
We are currently looking for an Application Security Senior Software Engineer who willbecome a security evangelist, capable of translating security language andrequirements into language that is meaningful to many audiences, including businessand technical leaders, and individual contributors. You will help us build tools thatenable our teams to be more self-sufficient delivering secure and scalable software.We want our secure computing policies and controls to be automated and embedded inthe way we work, and you will be responsible for finding ways to make sure the way webuild, deploy and operate our SaaS platform adheres to our standards. We have someof the industry?s most talented, technical, and capable engineering teams, so being ableto clearly communicate our AppSec vision and gain adherence by influence is a must.You will be part of a small and dedicated team day to day, but you will collaborate andwork with all teams to help us realize our security program goals.
ResponsibilitiesIntegrate security tools, standards, policies, controls and processes into the Software Development Lifecycle (SDLC) for all teamsDevelop and integrate software and tools to gain insights into secure development practices and complianceSupport application security tool deploymentsDevelop secure development standard documentation and trainingSupport security incident response and provide expertise in remediationSupport application architecture review process when security expertise is requiredSupport cadence and execution of penetration testing services, including preparation of executive summaries for both internal and external partiesSupport security-related services or software vendor evaluation and ensure 3rd party meets security standardsDevelop or integrate metrics reporting tools to track the state of application security program and performance of development teams against requirementsReview documentation, code, and processes with an eye towards continuous improvement and risk mitigationMinimum QualificationsBA/BS in Computer Science or related technical field or equivalent practical experience.3+ years experience building highly-scalable customer facing applications.Proficiency in at least two programming languages, including at least one dynamic language such as JavaScript or PythonFamiliarity with industry standards and regulations such as PCI, SOX, and ISO27001Experience with common software development process tools such as Jira, Git, Maven, Npm, Jenkins, Trello, ConfluenceExperience with common automated security analysis tools such as SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), and SCA (Software Composition Analysis)Experience with unit testing frameworks and tools such as Jest, JUnit, Mocha/ChaiFamiliar with agile development processes with experience integrating secure development practicesPreferred QualificationsExperience supporting tools and processes for secure web applications on AWS and AWS Lambda.Experience with automated deployment tools such as CloudFormation, CDK, and/or Serverless.Experience with end-to-end testing frameworks.Experience analyzing application and cloud environment security standards.Exceptional written and oral communication skillsVacancy expired!