Lead Application Security Engineer · AppDirect · Posted: July 17, 2023 · Remote
About the position
AppDirect is seeking a Lead Application Security Engineer to join their Global Application Security Team. The role involves implementing and enforcing secure code principles, identifying security gaps and vulnerabilities, conducting security reviews and code audits, and ensuring end-to-end security of the AppDirect Marketplace. The ideal candidate should have at least 5 years of professional hands-on experience in application security, a strong understanding of secure coding practices, and knowledge of industry-standard frameworks such as OWASP TOP 10. They should also have experience working with development, engineering, and architecture teams to ensure security best practices are followed.
Responsibilities
- Implement and enforce secure code principles (e.g., OWASP TOP 10) across all AppDirect products
- Identify security gaps and vulnerabilities through SAST, DAST, SCA, penetration testing, code review
- Participate in design and architecture reviews to provide security guidance and recommendations, and help shift security activities left at AppDirect
- Conduct security reviews and code audits to identify vulnerabilities, propose remediation strategies, and work with Engineering teams to lower the risk
- Ensure end-to-end security of the AppDirect Marketplace through hands-on testing, hypothesizing threats, helping development teams remediate risks up front, and championing secure implementation efforts
- Evaluate and secure the CI/CD pipeline to ensure the safe and reliable delivery of products
- Develop and deliver training programs to promote security awareness among developers and engineers
- Work closely with developers and the pipeline team to secure both the code and the tools used to deliver the product
- Write policies, standards, processes, and guidelines, and help answer customer security questionnaires
Requirements
- At least 5 years of professional hands-on experience in application security
- Strong understanding of secure coding practices and knowledge of industry-standard frameworks such as OWASP TOP 10
- Knowledge of and experience with one or more SAST, DAST, IAST, SCA, and fuzz-testing tools
- A strong foundation in security architecture, protocols, vulnerabilities, and countermeasures
- Experience working with development, engineering, and architecture teams to ensure security best practices are followed
- Experience with one or more programming languages and frameworks, including but not limited to: Java, JavaScript, React, NodeJS, Python
- Experience with containerization technologies (e.g., Docker, Kubernetes) and securing containerized applications
- Familiarity with CI/CD tools and pipelines (e.g., Jenkins, Argo Workflows) and securing the delivery process
- Strong analytical and problem-solving skills, with the ability to think outside the box and quickly adapt to new technologies
- Ability to communicate effectively, applying critical thinking, learning new concepts, and solving problems as they arise
- Self-motivated; able to work independently and aiming to lead a worldwide team