Senior Application Security Engineer

Your Role & Mission

The Senior Application Security Engineer will work with product and engineering to create a secure SDLC design security features and implement tools education and processes to reduce risk of security issues in the tech stack.

Responsibilities

• Select or build tooling to help developers build secure code

• Provide overall security architectural advice to Engineering and IT

• Manage issues sourced from penetration tests and bug bounty programs

• Participate in the security champions program

• Help Product Engineering and IT incorporate security requirements into new products from inception

• Assist in the creation and maintenance of Security Risk Models for new projects and existing systems

Skills & Competencies

• 5+ Years of Web Application Security experience

• Strong experience with vulnerability management or penetration testing is required.

• Extensive experience in conducting Architectural Reviews and Threat Models frequently is required.

• Strong knowledge of common AppSec issues and tooling (e.g. SCA SAST DAST)

• Strong Linux knowledge is a plus.

• Experience with cloud services ideally GCP is plus.

• Strong software development skills ideally in Ruby Node Secondary

• Strong Communication and Influencing skills

• Should have worked in SaaS environment.

• Should have extensive knowledge of Open Redirect OAuth and CSRF.

• Certifications: OSCP/OSWE/CEH: At least 1 Certification is a plus.

#LI-JM1