Glocomms is partnered with a cybersecurity SaaS platform that is seeking a fully remote Senior Application Security Engineer within Product Security to play a critical role in safeguarding products from emerging threats.
You will be responsible for designing, implementing, and managing security measures to protect applications and services. As a technical leader, you will collaborate with various teams to embed security best practices into every aspect of the product lifecycle, ensuring compliance with industry standards and regulatory requirements.
Key Responsibilities:
- Develop a comprehensive understanding of products, services, and architectures to identify potential security risks and vulnerabilities.
- Conduct thorough security assessments, including threat modeling, secure architecture reviews, code reviews, and penetration testing of web and mobile applications.
- Interpret security vulnerability reports and provide actionable advice on prioritization, remediation, and mitigation to stakeholders with varying technical backgrounds.
- Collaborate with development teams to integrate security into all phases of the Software Development Life Cycle (SDLC), ensuring secure coding practices and adherence to industry standards.
- Create and maintain detailed documentation for security processes, protocols, and guidelines.
- Deliver accurate and concise security metrics to stakeholders and business leaders, providing clear insights into the organization's security posture.
- Stay up to date with the latest security vulnerabilities, tactics, techniques, and procedures (TTPs) to maintain high proficiency in relevant security topics.
- Develop and deliver security training and education programs across the organization to enhance security awareness and practices.
- Develop innovative and scalable tools, solutions, and processes to improve product security operations and effectiveness.
- Support the implementation of security tools, ensuring their effectiveness and accurately interpreting results for relevant stakeholders.
Qualifications:
- 8+ years of experience in Application Security roles, with a strong focus on application, API, database, and infrastructure security.
- Deep understanding of security vulnerabilities, defense techniques, and best practices. Ability to clearly explain vulnerabilities and their implications to stakeholders with varying levels of technical expertise.
- Proven experience in performing threat modeling and providing actionable recommendations based on results.
- High proficiency in scoring security vulnerabilities using the Common Vulnerability Scoring System (CVSS).
- Strong understanding of Secure Software Development Life Cycle (SSDLC) and experience with development and integration tools used in CI/CD pipelines.
- Experience in providing secure coding training and education to developers, going beyond generic remediation advice to offer tailored solutions.
- Knowledge of one or more major cloud providers (Azure, AWS, GCP) and their security practices.
- Experience with authentication and authorization standards and protocols, such as SAML, OAuth, LDAP, and Active Directory (AD).
- Practical knowledge of applied cryptography, including encryption at rest, TLS, hashing, and common cryptographic attacks.
- Ability to read and write code fluently, with a strong understanding of secure coding practices.
- Ability to thrive in a self-directed, highly collaborative, and cross-functional environment.
- A strong passion for researching vulnerabilities and staying ahead of the latest exploitation techniques.