Join a leading company in AV technology and play a crucial role in enhancing the security posture of our products. As a Senior Application Security Engineer, you will be at the forefront of defining and implementing Secure Software Development Lifecycle practices across the majority of technology projects. Your responsibilities include embedding application security into the software delivery lifecycle, hypothesizing threats, and championing secure implementation efforts.
Collaborate with cross-functional teams to drive positive changes, improve secure coding practices, and lead complex application security reviews. Scale application security through the development of automated testing and centralized security libraries. Your expertise in identifying security issues, strong communication skills, and ability to mentor team members will be instrumental in ensuring end-to-end security across products.
If you are a self-motivated individual with a passion for advancing secure coding practices, we invite you to contribute to our mission of delivering secure and innovative solutions.
Define and implement Secure Software Development Lifecycle practices for technology projects to mitigate application security risks.
Embed application security into the software delivery lifecycle, utilizing various methodologies and tool sets.
Ensure end-to-end security by guiding development teams in risk remediation and championing secure implementation efforts.
Enhance secure coding practices, application security requirements, automation, and metrics.
Drive initiatives in the bug bounty program, positioning as a leading authority.
Lead positive cross-functional changes within the Security organization, collaborating with product development and solution teams.
Train and educate developers in secure coding techniques, enabling self-service through supporting toolsets.
Drive complex application security reviews and threat modeling, providing expert guidance.
Scale application security by developing automated testing and centralized security libraries, facilitating secure code writing.
Exhibit highly effective communication, influencing, and negotiating skills, while providing mentorship and support to the AppSec team.
We're looking for direct application security experience more than red team or offensive security experience. At a minimum:
Education or 3 years' experience in software development with a focus on client applications
Experience developing in C/C++ is a plus
Experience with software development models (e.g., Waterfall, Agile)
Knowledge of CWE & CVE
The focus here should not only be what they are but how to remediate them
3 years of experience with Python
3 years of experience with SAST/DAST/SCA tooling, especially during the implementation phase and integrating with CI/CD tools
Experience with Checkmarx and Snyk is preferred
If they also have experience with TeamCity, Artifactory, and GitHub Enterprise, that is a plus
Nice to have
Knowledge of OWASP Top 10 attacks and remediations
Experience building and implementing metrics for application security and bug bounty programs
Hands-on history of triaging, driving, and implementing bug bounty programs with development teams
Proficiency in written and spoken English at B2 level or above.