Senior Application Security Engineer

We're dedicated to fortifying the web infrastructure of our products, focusing on mitigating risks associated with the OWASP Top 10 vulnerabilities and beyond. As a Senior Application Security Engineer, you will play a pivotal role in securing our web applications developed in Ruby, Go, Python and PHP as well as drive initiatives to enhance the security of our iOS & Android mobile applications. This role involves conducting security assessments, implementing security tools and processes within CI/CD pipelines, and working closely with development teams to prioritize and remediate vulnerabilities.

WHAT YOU WILL DO:

• Perform in-depth security assessments for both web and mobile applications, utilizing advanced methodologies beyond the OWASP Top 10 and OWASP MSTG, to uncover and remediate complex security issues.
• Spearhead the adoption of security measures in mobile and web application development, focusing on reducing vulnerabilities across an extensive catalog of internally developed applications.
• Craft comprehensive security frameworks tailored to the specific technologies and languages used in your organization’s SaaS platforms.
• Actively work with development teams to embed security practices within the Agile and DevOps workflows, ensuring security is an integral part of the software development life cycle (SDLC).
• Lead the design and implementation of automated security testing and monitoring frameworks, emphasizing the scalability and continuous improvement of security postures.
• Evaluate, select, and manage a dynamic set of security testing tools, keeping the toolset up-to-date with the latest in both open source and commercial offerings to address emerging threats.
• Serve as the go-to security experts for development teams, offering both strategic advice and hands-on assistance in coding practices, vulnerability remediation, and threat modeling.
• Develop and conduct security awareness and training programs tailored to developers, focusing on secure coding practices, recognizing security threats, and implementing preventive measures.
• Create and update security policies and standards that align with industry best practices and regulatory requirements, ensuring they are effectively communicated and adhered to across all development teams and third-party developers integrating with our public APIs.
• Play a key role in the incident response process, providing expert analysis and recommendations for rapid remediation of security incidents affecting web and mobile applications.

WHAT YOU NEED:

• Extensive experience with web and mobile application development and security, covering various programming languages.
• Bachelor’s degree in Computer Science, Cybersecurity, or a related field, or equivalent experience, with at least 5 years in IT security or related roles.
• Deep knowledge of security vulnerabilities in web and mobile platforms and proficiency with advanced security tools for detection and remediation.
• Skilled in JavaScript, front-end technologies, and familiar with security frameworks like OWASP Top 10 and NIST.
• Experience with web application testing tools such as Burp Suite, OWASP ZAP and others.
• Relevant certifications like GWAPT, CEH, OSCP, or CISSP are highly regarded.
• Strong analytical skills for risk assessment and developing mitigation strategies.
• Excellent communication skills for effective collaboration and leading security initiatives.

WHY YOU SHOULD WORK WITH US:

• Join a forward-thinking team that values innovation and cutting-edge practices in cloud security and DevOps.
• Engage with a company culture that is deeply committed to continuous investment in our cloud infrastructure and security.
• Participate in a collaborative environment that encourages the growth and use of your diverse set of skills and expertise.
• Take an active role in shaping the future of our cloud services, deploying the latest technologies to create a resilient and secure cloud ecosystem.