About the Role
The Senior Application Security Engineer will play a pivotal part in our Security team, working closely with all product and engineering teams across the business to ensure seamless collaboration.
This role requires you to delve deep into the code base while educating the broader business on security best practices, driving home the importance of secure coding standards.
* Review the platform's code to identify security issues and help engineers find more secure solutions.
* Proactively work with our product and engineering teams to assess risk and provide policy guidance on secure code review and best practices.
* Advocate for security architecture best practices across the Product and Engineering organisation, including secure configuration and deployment of new infrastructure and services.
* Educate the engineering and product teams on what secure code and design looks like and why it is important.
* Continually test our applications, both internally and externally.
* Stay up-to-date on the latest threats and attack techniques and how they apply to our platform.
* Coordinate and manage third-party application security reviews and penetration tests.
* Set standards for identity and access management across the platform.
* Review our use of cloud providers, identify risk areas, and help mitigate them.
Requirements
* A passion for solving complex challenges in high-growth environments.
* Experience with cloud platforms, preferably Google Cloud Platform (GCP).
* Motivation to learn new skills or deepen existing expertise.
* In-depth understanding of common attacker tools and techniques, and how they can be exploited by insecure development practices.
* Experience with vulnerability assessment tools.
* Strong communication skills to explain technical security and software concepts to non-technical stakeholders.
* Proficiency in Kotlin, TypeScript, Node.js, and Kubernetes is a plus.
* Addition training, security certifications, or history of responsible disclosure is a significant advantage.
* Published articles, journals, or blogs related to cybersecurity.
Equal Opportunity Employer
We value diversity and consider candidates based on merit, qualifications, competence, and talent.