Job
Description
About the role: We're looking for an experienced Staff Application Security Engineer for our Product Security team. Reporting to the Director of Vulnerability Management, you'll be responsible for: Conducting thorough static and dynamic analysis of our applications to identify and remediate security vulnerabilities early in the development process (SAST/DAST) Implementing SCA tools to identify and manage open-source components, ensuring that all third-party libraries and frameworks used in our codebase are secure and up-to-date (Software Composition Analysis) Assessing and securing our containerized environments and IAC deployments, ensuring that security best practices are followed to protect our infrastructure from potential threats (Container and Infrastructure as Code Security) What We're Looking for (Minimum Qualifications) Expertise in Application Security, encompassing over 4 years of hands-on experience in deploying and overseeing security protocols like Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA), or Infrastructure as Code (IaC) Proficiency with application security tools such as Snyk, Semgrep, Coverity, Checkmarx, Burp Suite, OWASP ZAP, and dependency management tools Strong understanding of secure coding practices, vulnerability management, and remediation techniques with expertise in source control (Github, Bitbucket) and CI pipelines (ArgoCD, Jenkins) Experience in identifying and addressing security vulnerabilities within codebases, ensuring prompt and efficient management throughout the CVE/CWE lifecycle What Will Make You Stand Out (Preferred Qualifications) Experience as a software developer or within a DevSecOps position, with proficiency in programming languages such as Java, Python, JavaScript, C/C++, and Golang Extensive experience in Cloud Security, adept at securing cloud environments including AWS, Azure, and Google Cloud, with comprehensive knowledge of cloud-native security tools and methodologies
