Application Security Developer
Gro Intelligence
Posted: August 7, 2023 · Hybrid
About the position
Gro Intelligence is seeking a highly motivated individual to join their team as a Security Engineer. In this role, you will work closely with agile development teams to design, implement, and automate security guardrails throughout the software development lifecycle. Responsibilities include triaging and analyzing security vulnerabilities, managing security technologies, performing code and architecture reviews, and assisting in the development of security processes and automation. The ideal candidate will have experience in a similar role, familiarity with security flaws and mitigation strategies, development or scripting skills, and knowledge of network and web protocols. A bachelor's degree in computer science or a related field is preferred.
Responsibilities
- Embed with agile development teams to design, implement, and automate security guardrails across all phases of the software development lifecycle (SDLC).
- Assist teams in triaging, analyzing and prioritizing remediation of application security vulnerabilities.
- Manage security technologies, including but not limited to static application security testing (SAST), dynamic application security testing (DAST), container security and software composition analysis (SCA) tools, to integrate security guardrails into the continuous integration/continuous delivery (CI/CD) pipeline.
- Perform security-focused code and architecture reviews.
- Assist in development of security processes and automation that prevent classes of security issues.
- A highly motivated, self-starting individual with keen interest in enabling security development practices.
Requirements
- 1+ years of experience in a similar role, including previous experience implementing and/or managing SDLC security tools (e.g., SCA, SAST, DAST, etc.)
- Familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10)
- Development or scripting experience and skills. Familiarity with Python, JavaScript and/or Rust is preferred
- A basic understanding of network and web-related protocols (e.g., TCP/IP, UDP, HTTP, HTTPS)
- Intermediate to advanced knowledge of: Linux, Git, Docker and CI/CD pipelines
- Excellent communication skills (written and verbal) and the ability to translate both technical and business needs into security requirements
- Bachelor’s degree or equivalent work experience in computer science or a related technical field
- Knowledge of cloud (AWS, GCP, Azure) and Kubernetes security best practices
- Proficiency in Terraform, Pulumi or any Infrastructure as Code platform
- Experience performing application security penetration tests, participating in bug bounty programs or red team operations
- Accredited IT (including cloud) and/or information security certifications
Benefits
- Salary range of $115,000 - $150,000
- Equity
- 20 days of PTO
- 2 floating holidays
- Health, vision, and dental insurance
- Hybrid work schedule (3 days in-office, choose days that work best)
- Diverse and inclusive company culture
- Opportunity for collaboration with experts from various backgrounds
- Equal opportunity employer
- Accommodation for disabilities or special needs