As an Application Security Expert, you will support and product and development teams in application security, including threat modeling and security reviews, assist teams in reproducing, triaging, and addressing application security vulnerabilities, assist in development of security processes and automated tooling that prevents classes of security issues, perform internal and external penetration tests, vulnerability assessments and code reviews and more.
Requirements: At least 5 years experience in application security.
Comes from a strong application penetration testing background.
In Depth familiarity and ability to explain common security flaws and ways to address them (e.g. OWASP Top 10 at minimum).
Strong understanding and experience with common security libraries, security controls, and common security flaws.
Has engineering responsibilities over their cyber domain area technology and services (Application Security, Cloud, Identity and Access Management, Data Protection, Network Segmentation, OT security controls and Vulnerability Detection).
Provide oversight of managed service resources supporting cyber engineering projects (e.g., implementation, upgrades, enhancements) and is responsible for one or more controls/services and relevant technology, including consulting to development teams.
Partner with architecture team to conduct architecture reviews and security operations.
Strong development or scripting experience and skills.
Youre able to significantly and effectively contribute to the product and its security.
Good working and current knowledge of at least 4 of the following programming languages:
C#
C++
Java
JavaScript
Python
SQL
.Net
UML
Bash
Ruby
Strong knowledge of at least 4 of the following communications protocols:
HTTP
TCP/IP
UDP
WebSocket
MQTT
Zigbee
XMPP
Team Player and self-driven
Ability to work simultaneously on multiple projects.
Advantage:
Be a subject matter expert (SME) of at least 2 technical areas impacting the security of the product.
Comes from an enterprise/corporate (not start-up) background.
Knowledge of LoRa / LoRaWAN, Cellular communications.
Experience identifying security issues through code review (and able to use GitHub or AzureDevOPS).
Have good understanding in Cloud and on-premises product types (e.g. hardware and mobile).
This position is open to all candidates.