Seeking a passionate engineer ready to create world-class solutions enabling developers to build secure software from the start. Do you have a passion for solving complex problems to keep data safe? A core principle is maintaining product security and protecting customer privacy. As part of the Application Security program, you will lead a shift-left strategy designed to improve the Secure SDLC for thousands of developers globally.
The candidate will join the Application Security team, providing global development community with static code scanning services on-premises. This includes supporting self-service code scanning, false positive reviews, CI/CD integration support, remediation consulting, app onboarding, and executive reporting.
- 3+ years of experience in Web App Security, Secure SDLC, DevSecOps
- Background in web app development, sys admin, and/or code auditing strongly preferred
- Experience in the deployment and management of SAST/DAST tools and technologies.
- Deep understanding of web application security threats, exploits, and prevention
- Ability to triage, reproduce, recommend remediation, and implement fixes for vulnerabilities
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they integrate with SAST/DAST.
- Comfortable writing in at least 2 development/scripting languages (Java, .NET, Python, etc.).
- Practical applied knowledge of OWASP Top 10, and can confidently speak to all.
- Passion for researching vulnerabilities, exploitation techniques, and industry trends/threats.
- Bachelor’s in Computer Science or equivalent, Masters preferred
- Experience communicating with Manager/Director-level leadership.
- Ability to work in a self-directed environment that is highly collaborative and cross functional.