The job in short
As a Senior Application Security Engineer you’ll get a chance to take the lead in a team of Security Engineers working to ensure we build and maintain secure software that is used by millions of users around the globe. You have a hacker mindset and always strive to think like an attacker.
Meet the job
Your core responsibility is to analyse the software from a security perspective, and to identify and resolve security issues. Your input helps to improve the secure SDLC with its tools and processes. You validate that application security requirements have been met. You have expert understanding of application security and application security vulnerabilities. You provide guidance and workshops to developers and QA engineers on secure coding, security testing and working with security tools. You perform security code reviews and suggest improvements to development teams.
You will work closely with the Product Development teams as well as the Customer Success teams who take part in implementation projects. You thrive working with colleagues from multiple cultures. You mentor new team members and act as the go-to person for security in your area.
How about you?
● You have 5+ years of experience in a similar role;
● You have a Bachelor's degree in Computer Science, Information Security, Cyber Security or equivalent;
● You speak and write English on a professional level;
● You hold one or more security certifications such as CSSLP, CISSP, GWEB, GSSP-JAVA or CEH;
● You have expert understanding of application security, OWASP Top 10, SANS/CWE Top 25;
● You have expert understanding of security in the SDLC and SAST/SCA/DAST tools;
● You have a deep understanding of pen testing web applications or mobile applications;
● You have experience on security verification of web applications or mobile apps using OWASP ASVS/M-ASVS and testing guides.
In addition you master one of the following areas:
● Backend development and JAVA EE technologies, application servers and frameworks such as Spring and Spring Security;
● Mobile development and mobile application security for the Android and iOS platforms and understanding of Java, Kotlin, Objective-C and Swift;
● Security testing web applications and mobile apps, test automation and continuous integration tools.