
Senior Application Security Engineer

Full Time
Denver, CO
Posted 30+ days ago
Job description

Company offers the most-trusted app building platform for anyone looking for a better way to work. Company gives businesspeople and IT experts the ability to easily build and integrate apps to track, manage, and automate processes in days, not weeks. Our customers make lasting and substantial improvements to their business using Company’s bullet-proof cloud-based technology — and they love getting the industry’s best customer experience every step of the way.

We are looking for an experienced Sr. Application Security Engineer to help us build our application security program.

As the Sr. AppSec Engineer, you lead efforts to shift-left and “make security easy” for the Engineering teams. You provide clarity, drive accountability, and push for continuous improvement as we build security into our applications and services.

The Sr. Application Security Engineer reports to the Director, Information Security. The position is fully remote with occasional travel to corporate HQ in Denver, CO.

Responsibilities

AppSec Leadership:

  • Lead efforts to further define and improve our application security strategy and secure SDLC processes.
  • Serve as a subject matter expert for secure coding practices, application pen testing, mobile platform security, and other aspects of application and product security.
  • Demonstrate and train others in secure coding practices and threat modeling.
  • Mentor and guide Security Champions embedded throughout the Engineering teams.
  • Lead efforts to define and implement a Responsible Disclosure program.

Engineering Partnership:

  • Collaborate with Engineering to automate security testing in our CI/CD pipelines.
  • Collaborate with Engineering to confirm vulnerability findings. Leverage proof-of-concept exploit code to gauge our exposure.
  • Partner with Engineering and Product teams to prioritize security issues relative to vulnerability criticality and business goals.
  • Partner with Engineering to perform application security design reviews and code audits.
  • Collaborate with Engineering to drive attainment of shared product vulnerability metrics.

Continuous Education:

  • Maintain awareness of emerging mobile and web application vulnerabilities.
  • Maintain awareness of emerging practices in software engineering, DevOps, and application security.
  • Maintain technical expertise, certifications, and industry credentials through training, conferences, and professional organization membership.

Qualifications:

  • Must have 4+ years of experience in application security.
  • Strong people skills and experience collaborating with developers and Engineering leadership to promote secure SDLC.
  • Strong foundations in software engineering.
  • Ability to articulate and show application vulnerabilities, exploitation techniques, and prevention concepts.
  • Experience with SAST, DAST, SCA, fuzzers, and related application security tools.
  • Experience with open source or commercial webapp pen testing tools.
  • Development experience with the following languages and/or frameworks: NodeJS, JavaScript, Java, React, Swift, Kotlin, and Python.
  • Effective cross-functional communication. Comfortably switches context between red, blue, and engineering team perspectives.
  • Strong sense of personal accountability and commitment to team success.

Education

  • B.S. or M.S. in Computer Science or related field.
  • AppSec or pen-test certification such as OSCP, OSWA, GWEB, GCPN or other relevant certification is a plus.

Differentiators

  • Experience with software assurance maturity models, e.g., OWASP SAMM
  • Experience with containers and Kubernetes
  • Experience with GitLab

Salary & Benefits

  • We cover 100% medical, dental, and vision benefits
  • We understand you have a life outside of work and have an unlimited, flexible time-off policy
  • We provide competitive paid parental leave for all new parents after 6 months
