We are seeking a senior application security engineer to lead the development and design of application-level security controls and standards in our fast-paced DevSecOps environment. The ideal candidate will have strong software engineering foundations, experience with threat modeling, secure coding, and system administration, as well as proficiency in at least one programming language and in cloud platforms.
Key responsibilities include:
* Design and implement application security controls and standards
* Perform security design reviews and track security issues
* Build internal security tools to fix security problems at scale
* Drive remediation of discovered issues through code review
* Enable automated security testing at scale to measure vulnerability and report on risk
Requirements
* Strong software engineering foundations
* Minimum 7 years of technical experience in a combination of threat modeling, secure coding, identity management, software development, cryptography, system administration, and network security
* Minimum 2 years of experience with the Software Development Life Cycle in at least one language (Rust, Python, Go, Node.js)
* Minimum 1 year of experience with public/private cloud environments (OpenShift, Rancher, K8s, AWS, GCP, Azure)
* Experience running assessments using OWASP MASVS and ASVS
* Working knowledge of exploiting and fixing application vulnerabilities
* Strong background in threat modeling
* In-depth knowledge of common web application vulnerabilities (OWASP Top 10)
* Familiarity with automated dynamic scanners, fuzzers, and proxy tools
* Analytical mind for problem solving, abstract thought, and offensive security tactics