Your Role & Mission
The Senior Application Security Engineer will work with product and engineering to create a secure SDLC, design security features and implement tools, education and processes to reduce risk of security issues in the tech stack.
Responsibilities
- Select or build tooling to help developers build secure code
- Provide overall security architectural advice to Engineering and IT
- Manage issues sourced from penetration tests and bug bounty programs
- Participate in the security champions program
- Help Product, Engineering and IT incorporate security requirements into new products from inception
- Assist in the creation and maintenance of Security Risk Models for new projects and existing systems
Skills & Competencies
- 5+ Years of Web Application Security experience
- Strong experience with vulnerability management, or penetration testing is required.
- Extensive experience in conducting Architectural Reviews and Threat Models frequently is required.
- Strong knowledge of common AppSec issues and tooling (e.g. SCA, SAST, DAST)
- Strong Linux knowledge is a plus.
- Experience with cloud services, ideally GCP is plus.
- Strong software development skills ideally in Ruby, Node Secondary
- Strong Communication and Influencing skills
- Should have worked in SaaS environment.
- Should have extensive knowledge of Open Redirect, OAuth, and CSRF.
- Certifications: OSCP/OSWE/CEH: At least 1 Certification is a plus.
#LI-JM1
Please mention the word **RELIABLY** and tag RMTA3LjE3OC4yMDAuMjE1 when applying to show you read the job post completely (#RMTA3LjE3OC4yMDAuMjE1). This is a beta feature to avoid spam applicants. Companies can search these words to find applicants that read this and see they're human.
