Senior Application Security Engineer

Job Description

• Provide subject matter expertise, roadmaps, strategies, and reference architectures for application and product security • Provide thought leadership in the areas of security tool automation, optimization, application vulnerability management, and strategies for risk reduction • Create a design of comprehensive architectural patterns for secure development standards for front-end, APIs, and mobile • Develop and maintain application security policies, standards, and guidelines and ensure their adherence across projects • Develop a strategy to automate software security vulnerability verification throughout the development process • Collaborate closely with cross-functional engineers to identify application-based vulnerabilities, design secure application architectures, and guide the integration of security measures into the development process • Create architecture design for tool integrations and implement tooling within CI/CD pipeline, limit manual testing and troubleshooting • Lead security engineer and software engineer training related to high-risk security risks • Evaluate products for security gaps through threat modeling and pen testing

Qualifications

• At least one security certification (ex CISSP, OSCP, GWEB, CEH, GRTP, GWEB) • 8+ years of experience in software engineering, architecture, and software security • 5+ years of previous experience with software security initiatives and/or transformations • Knowledge of OWASP Top 10, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), API Security Testing Tools, Automated Mobile Testing Tools, BSIMM, OpenSAMM and Threat Modeling tools • Experience with multiple languages such as Java, Rust, Python, and/or JavaScript • Understand how to detect and prioritize front-end, API's, Microservices, and Container vulnerabilities • Familiar with common build/automation tooling: ex Jenkins, GIT

Benefits

• performance linked bonus • equity • competitive benefits package