Senior Application Security Engineer

About the job

Who we are

We’re a leading, global security authority that’s disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world’s largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust – an abstract idea – to work. That’s digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company’s web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

This is a remote position.

What you will do

Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
Perform and coordinate manual and automated code reviews.
Lead threat modeling exercises across engineering teams.
Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
Contribute to internal security tooling development or integration.
Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
Assist with managing bug bounty program.
Develop program documentation to promote operational stability and scalability.
Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC.
Drive and support security identified remediation efforts.
Foster and promote a security-forward culture.
Mentor junior team members.
Other duties and responsibilities, as assigned.

What you will have

Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.
Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.
Experience with red team implementation and methodologies.
Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell.
Excellent communication skills with the ability to engage technical and non-technical stakeholders.
Strong analytical and problem-solving abilities, with a meticulous attention to detail.
Advanced level of knowledge of Information Security design concepts and principles.

Nice to have

Master’s degree in a technical discipline.
Experience working in highly regulated environments.
Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP).
Certified Information Systems Auditor (CISA).
AWS Solutions Architect.

Benefits

Provident Fund
Medical Aid + Gap Cover
Employee Assistance Program
Gym Reimbursement
Life Insurance
Disability Insurance
Sabbatical

Common Interview Questions And Answers

1. HOW DO YOU PLAN YOUR DAY?

This is what this question poses: When do you focus and start working seriously? What are the hours you work optimally? Are you a night owl? A morning bird? Remote teams can be made up of people working on different shifts and around the world, so you won't necessarily be stuck in the 9-5 schedule if it's not for you...

2. HOW DO YOU USE THE DIFFERENT COMMUNICATION TOOLS IN DIFFERENT SITUATIONS?

When you're working on a remote team, there's no way to chat in the hallway between meetings or catch up on the latest project during an office carpool. Therefore, virtual communication will be absolutely essential to get your work done...

3. WHAT IS "WORKING REMOTE" REALLY FOR YOU?

Many people want to work remotely because of the flexibility it allows. You can work anywhere and at any time of the day...

4. WHAT DO YOU NEED IN YOUR PHYSICAL WORKSPACE TO SUCCEED IN YOUR WORK?

With this question, companies are looking to see what equipment they may need to provide you with and to verify how aware you are of what remote working could mean for you physically and logistically...

5. HOW DO YOU PROCESS INFORMATION?

Several years ago, I was working in a team to plan a big event. My supervisor made us all work as a team before the big day. One of our activities has been to find out how each of us processes information...

6. HOW DO YOU MANAGE THE CALENDAR AND THE PROGRAM? WHICH APPLICATIONS / SYSTEM DO YOU USE?

Or you may receive even more specific questions, such as: What's on your calendar? Do you plan blocks of time to do certain types of work? Do you have an open calendar that everyone can see?...

7. HOW DO YOU ORGANIZE FILES, LINKS, AND TABS ON YOUR COMPUTER?

Just like your schedule, how you track files and other information is very important. After all, everything is digital!...

8. HOW TO PRIORITIZE WORK?

The day I watched Marie Forleo's film separating the important from the urgent, my life changed. Not all remote jobs start fast, but most of them are...

9. HOW DO YOU PREPARE FOR A MEETING AND PREPARE A MEETING? WHAT DO YOU SEE HAPPENING DURING THE MEETING?

Just as communication is essential when working remotely, so is organization. Because you won't have those opportunities in the elevator or a casual conversation in the lunchroom, you should take advantage of the little time you have in a video or phone conference...

10. HOW DO YOU USE TECHNOLOGY ON A DAILY BASIS, IN YOUR WORK AND FOR YOUR PLEASURE?

This is a great question because it shows your comfort level with technology, which is very important for a remote worker because you will be working with technology over time...