Sr. Application security engineer

As a Lead, Application Security at Capillary Technologies, you will play a crucial role in driving the application security function to the next level, ensuring enhanced security of our product. Your responsibilities will include: - Performing design consultation, architecture review, threat modeling, code review, and testing to identify and address security vulnerabilities. - Assisting in the development of test cases, scripts, and procedures for automated security testing as part of the CI/CD pipeline. - Conducting application vulnerability assessments and analyzing output from security tooling to provide guidance on remediation. - Collaborating with development and QA teams to prioritize remediation based on security scanning tools" output. - Identifying toolsets and vendors, driving their adoption and implementation to strengthen security measures. - Staying updated on industry trends, best practices, and implementing them effectively at Capillary. To excel in this role, you should possess the following skills and expertise: - 6+ years of progressive experience in the application security domain, with at least 2 years in a cloud-based/SaaS environment. - Coding experience and thorough knowledge of cloud computing, especially SaaS concepts. - Previous work experience in a devsecops function and understanding of common code review methods and standards. - Knowledge of secure coding patterns and pitfalls in multiple languages, along with experience in providing security reviews of web applications, mobile applications, web APIs, and cryptography. - Familiarity with static and dynamic analysis tools, offensive security tools, and penetration testing at the application level. - Expertise in development and test toolsets, OWASP tools and methodologies, and modern SDLC practices in Agile and DevOps environments. - Strong communication and collaborative skills to work effectively with cross-functional teams. Capillary Technologies is an enterprise-grade SaaS technology provider operating in the loyalty domain to help customers engage users and enhance business outcomes. The company complies with ISO 27001, PCI, SOC 2 type standards for information security and adheres to data privacy laws like GDPR and CCPA. Join us in our mission to elevate application security and safeguard our product effectively.,