Sr. Application Security Engineer

At Reltio®, we believe data should fuel business success. Reltio’s AI-powered data unification and management capabilities—encompassing entity resolution, multi-domain master data management (MDM), and data products—transform siloed data from disparate sources into unified, trusted, and interoperable data. Reltio Data Cloud™ delivers interoperable data where and when it's needed, empowering data and analytics leaders with unparalleled business responsiveness. Leading enterprise brands—across multiple industries around the globe—rely on our award-winning data unification and cloud-native MDM capabilities to improve efficiency, manage risk and drive growth.

At Reltio, our values guide everything we do. With an unyielding commitment to prioritizing our “Customer First”, we strive to ensure their success. We embrace our differences and are “Better Together” as One Reltio. We are always looking to “Simplify and Share” our knowledge when we collaborate to remove obstacles for each other. We hold ourselves accountable for our actions and outcomes and strive for excellence. We “Own It”. Every day, we innovate and evolve, so that today is “Always Better Than Yesterday”. If you share and embody these values, we invite you to join our team at Reltio and contribute to our mission of excellence.

Reltio has earned numerous awards and top rankings for our technology, our culture and our people. Reltio was founded on a distributed workforce and offers flexible work arrangements to help our people manage their personal and professional lives. If you’re ready to work on unrivaled technology where your desire to be part of a collaborative team is met with a laser-focused mission to enable digital transformation with connected data, let’s talk!

Job Summary:

The Sr. Application Security Engineer will play a vital role in building and integrating security practices within our development and release processes. You will work closely with cross-functional teams to ensure that security is a foundational aspect of our software design, development, and deployment, promoting secure coding practices and shift-left development methodologies.

Job Duties and Responsibilities:

• Secure Development Lifecycle: Collaborate with development teams to integrate security practices throughout the software development lifecycle (SDLC), ensuring security is embedded from design through deployment. Help in the implementation of secure coding standards and best practices across development teams.
• CI/CD Pipeline Security: Support implementation of security controls within our CI/CD pipelines, enabling automated security testing and vulnerability assessments. Work with release management teams to ensure secure deployment checks and compliance with security policies.
• Shift-Left Security: Support shift-left development initiatives by providing guidance and remediation support to engineers. Develop and maintain security tools and frameworks that support developers in writing secure code from the outset.
• Threat Modeling: Conduct threat modeling sessions with development teams to identify potential security risks early in the design process. Align with Engineering processes to include threat modeling into the architecture and design phases to proactively address security concerns.
• Vulnerability Management: Analyze and support remediation of security vulnerabilities in applications, working with teams to prioritize efforts and validate fixes. Assist development teams in writing code fixes for vulnerabilities and ensure proper validation and testing before release.
• Security Training: Deliver content around secure coding practices, application security threats, and remediation techniques. Guide developers on secure coding techniques and provide hands-on guidance during code reviews.
• Collaboration: Partner with DevOps, QA, Engineering, Product, and Release Management teams to ensure security requirements are incorporated into all aspects of software development and delivery.
• Release Management: Collaborate with release management teams to integrate security checks within the release process, ensuring secure deployment practices and compliance with security standards.
• Continuous Improvement: Stay current with emerging security threats and best practices, continuously seeking opportunities to improve our security processes and tooling. Evaluate and integrate new security technologies and tools to enhance the security posture of our applications.

Skills You Must Have:

• 5+ years of experience in application security or software development, with at least 2 years in a cloud-native or SaaS company.
• Hands-on experience with secure coding practices and application development.
• Understands cloud well-architected frameworks, application development, and deployment workflows.
• Experience with release management processes and integrating security into deployment workflows.
• Understanding of cloud well-architected frameworks, application development, and deployment workflows.
• Passion for improving quality processes through shift-left, automation, and tools to enable increased efficiency and the highest product quality.
• Self-starter who likes taking on challenges. Motivated, autonomous, and responsible with a history of shaping and establishing technical vision and architecture within successful companies.
• Superior communication skills and the ability to communicate clearly with peers, customers, and leadership. Educates and collaborates well and likes to work toward a risk-appropriate consensus within each team.
• Knowledge and expertise in essential web technologies like Java Spring Boot, Java, JavaScript, Node.js, C#, UI frameworks (e.g., Backbone.js, Vue.js, React, Angular), microservices architectures, cloud technologies, serverless implementations, and emerging technologies. Hands-on experience in developing secure applications using these technologies.
• Proficient in secure coding standards and best practices, with hands-on experience implementing them.
• Experience leading secure code reviews and guiding developers on secure coding.
• Strong understanding of application security vulnerabilities (e.g., OWASP Top Ten) and how to prevent them during development.
• Experience with some combination of the top 3 IaaS vendors (AWS, GCP, and Azure) and working in their environments.
• Experience with securing container ecosystems and Kubernetes orchestration.
• Experience with Jenkins, ArgoCD, or other continuous integration software.
• Experience operationalizing static analysis, software composition analysis, and dynamic analysis testing tools in the development pipeline.