We are looking for an Application Security Engineer.
The ideal candidate will have a strong background in application security, coupled with expertise in product security, infrastructure management, and DevOps practices.
You should be comfortable wearing multiple hats and thrive in a fast-paced, collaborative environment.
If you're ready to push the boundaries of application security and contribute to a culture of uncompromising quality, we want you on our team.
Join us in our quest for the holy grail of security zero vulnerabilities!
What you will do:
Conduct internal penetration testing against our applications and APIs.
Design, build, and implement the Secure SDLC process, integrating security into all stages of the software development lifecycle.
Evaluate product design and architecture against security best practices, offering guidance on prioritization and remediation.
Build and automate security testing as part of our CICD pipeline and cloud environments.
Develop and lead projects, implementing various security tools and technologies, such as: SAST, DAST, SCA, etc. vulnerability scanners, and Kubernetes (K8s) security tooling.
Mentor development teams through training and hackathons.
Monitor and respond to security incidents across company environments
Requirements: 3+ years of relevant experience
Experience with application security and hands-on penetration testing
Experience in application development with at least one modern programming language.
Experience performing code reviews
Expertise in security tools and processes, including SAST, DAST, SCA, vulnerability scanners, and Kubernetes security tooling.
Knowledge of DevOps and DevSecOps practices
Knowledge of web application architectures
Knowledge of threat modeling
Strong self-driven learning abilities, staying current with industry trends and technologies
What is Nice to Have:
Offensive Security Certifications such as OSCP, AWAE, OSCE
Relevant certifications and knowledge in cloud such as: AWS, Azure, CISSP, CCSK, Kubernetes (K8s).
Knowledge of security frameworks, regulations, and standards such as HITRUST, HIPAA, and SOC2.
Experience with CTFs and/or bug bounties
This position is open to all candidates.