Engineer Sr., Application Security
About The Position
The Sr. Application Security Engineer at is responsible for implementing, operating, and maintaining software security capabilities for Carnival’s global brands in a digital, cloud-based environment. This role involves the implementation of software security controls, development of scripts and APIs to automate security governance, and the development of cloud infrastructure to support Application Security services. The Sr. Application Security Engineer will work virtually with development and operations teams across our global brands to advance a security culture that empowers Carnival to produce features and digital experiences that delight our guests while safeguarding the interests of both Carnival Corporation and our customers. The ideal candidate will have experience with software security best practices, cloud infrastructure, and security tools like SAST and DAST scanners.
Requirements
- Bachelor's Degree in Computer Science, Software Engineering, Mathematics, or similar; 5+ years of professional experience
- Hands-on experience writing software applications, including APIs, web applications, and scripts.
- Strong experience operating and administrating common security tools like SAST and DAST scanners.
- Strong experience communicating security findings to teams and following through on remediation efforts.
- Hand-on experience performing threat modeling and adversarial testing of software applications.
- Hands-on experience with cloud-native application development and operations, including the use of CI/CD pipelines, cloud compute resources, and containerization (e.g. Docker and Kubernetes).
Responsibilities
- Program, engineer, implement, and administer IT Security technical controls and tools to assess vulnerabilities, misconfigurations and incidents.
- Consult with development teams to test and assess software vulnerabilities from sources like security scanners and bug bounty programs.
- Implement and automate new governance processes and controls to ensure that application security activities are being carried out and are done so easily by software development teams.
- Develop and maintain cloud infrastructure and Kubernetes clusters using modern techniques like infrastructure as code (IaC) to host Application Security capabilities for consumption by brand teams.
- Perform security reviews of applications and releases to ensure they meet relevant policies, standards, and guidelines.
Benefits
- Cost-effective medical, dental and vision plans
- Employee Assistance Program and other mental health resources
- Additional programs include company paid term life insurance and disability coverage
- 401(k) plan that includes a company match
- Employee Stock Purchase plan
- Holidays – All full-time and part-time with benefits employees receive days off for 8 company-wide holidays, plus 2 additional floating holidays to be taken at the employee’s discretion.
- Vacation Time – All full-time employees at the manager and below level start with 14 days/year; director and above level start with 19 days/year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 84 hours/year. All employees gain additional vacation time with further tenure.
- Sick Time – All full-time employees receive 80 hours of sick time each year. Part-time with benefits employees receive time off based on the number of hours they work, with a minimum of 60 hours each year.
- Complementary stand-by cruises, employee discounts on confirmed cruises, plus special rates for family and friends
- Personal and professional learning and development resources including tuition reimbursement
- On-site Fitness center at our Miami campus
- Annual cash bonus program
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
