Application Security Engineer

We are looking to hire an eager and experienced Application Security Engineer. This individual will support our Security Team in providing security support for our development houses and ensure the privacy and security of confidential, business and personal information.

With diversity and inclusion at the core of our people agenda, we believe our teammates are our greatest asset, and as a member of the Engineering team, you will help accelerate our products across the globe!

Key responsibilities:

• Drafting security requirements for any system, service or integration needed by our products
• Collaborate frequently with different engineering teams to identify and address security issues
• Attend the daily stand ups to ensure that product features have security "built in"
• Performing technical tasks on the change and integration reviews
• Have a part in every aspect of the development life-cycle

Minimum skills and qualifications:

• 3+ years of application security experience (source code auditing, penetration testing, product assessments, vulnerability research, reverse engineering, etc)
• Influence the design and implementation of upcoming products and services with security and privacy by design mindset
• A "breaker" mentality, but effective at crafting the mitigating controls
• Working experience in authentication technologies, including OAuth, SAML, and SSO
• Proven knowledge of applied cryptography
• Strong familiarity with the Ruby on rails, Java language and modern web development (e.g. JavaScript, AngularJS, Node.js, etc.)
• Understanding of OWASP security concepts and common application security risks, such as XSS, CSRF, SQL Injection, Cookie Manipulation, etc
• Experience with web application security, DevSecOps and/or secure SDLC
• Provide hands-on remediation guidance to development teams
• Proven interpersonal skills: Ability to explain complex technical issues to both technical and non-technical audiences