Senior Application Security Engineer

Company: Alloy
Location: New York, NY, USA
Salary: $180000 – $210000
Type: Full-Time
Degrees: Bachelor’s
Experience Level: Senior

Requirements

  • A Bachelor’s Degree or comparable work experience
  • 5+ years of work experience in Application Security, Information Security, or Compliance
  • Mastery of programming languages (such as TypeScript/JavaScript, React, and Python); awareness of potential security flaws and secure coding practices
  • Deep understanding of security frameworks and standards (OWASP Top Ten, ISO 27001)
  • Proficient with security tools and technologies (SAST, IDS/IPS, firewalls, WAF, CSPM, SCA, CI/CD, IaC)
  • Experience with database and data storage design with an understanding of how database roles and permissions relate to attack surface
  • Comfort working in a cloud-hosted SaaS environment (preferably AWS)
  • Knowledge of public key infrastructure and of symmetric and asymmetric encryption
  • Ability to critically evaluate the security of a system, identify potential vulnerabilities, and assess the impact of different security measures
  • Ability to concisely communicate risk and recommendations for security issues to engineering teams
  • Excellent communication skills; able to articulate complex security concepts to developers and other stakeholders in an understandable way
  • Capacity to manage sensitive and secret information
  • Ability to handle numerous activities at once
  • Well-developed analytical and problem-solving capabilities
  • Ability to work effectively in a team, respect different perspectives, and collaborate towards a common goal
  • Demonstrated initiative, customer orientation, and teamwork competencies

Responsibilities

  • Assist in the evolution of our application security functions and services
  • Implement, configure and monitor our security tools to help us detect and respond to new types of threats. Improve efficiency and reliability of these tools through scripting and automation
  • Act as a subject matter expert for security solutions
  • Assist junior security engineers with their development
  • Provide guidance and recommendations on application security best practices
  • Maintain knowledge of the latest security trends, threats, and countermeasures
  • Raise awareness about application security within Alloy
  • Foster a culture of security, encourage the adoption of secure practices, and work to ensure that security is considered at every level of the organization
  • Work closely with engineering teams to secure their software throughout the entire software lifecycle, from the design stage to post-deployment monitoring
  • Ensure that change management processes are adhered to across all platforms
  • Integrate security tools and practices into the continuous integration/continuous delivery (CI/CD) pipeline
  • Automate security checks and scans to identify and fix vulnerabilities early in the development process
  • Conduct application security assessments and penetration tests to identify vulnerabilities and security issues
  • Provide guidance to developers on secure coding practices
  • Collaborate with infrastructure and development teams to ensure that security measures are effectively implemented in production environments
  • Be a key player in Alloy’s vulnerability management program
  • Discover application security issues in our code through penetration testing, source code review, and design review
  • Analyze risk and triage issues based on severity. Communicate the issues to relevant teams with clear recommendations on how to fix them. Assist with fixing issues as needed
  • Make sure vulnerable applications or systems are being promptly updated and vulnerabilities remediated
  • Report and document security findings and remediation activities
  • Troubleshoot production difficulties and performance constraints with security tooling, controls, and features
  • Participate in Alloy’s bug intake and remediation process
  • Stay vigilant and monitor ongoing security threats
  • Analyze and respond to security incidents triggered by automated alerts, bug bounties, or external assessments
  • Perform ongoing log analysis and monitoring, and set up alerts that give proactive notice of concerning activity
  • Document security incidents and the extent of the damage caused by the incidents
  • Participate in incident response and handle activities related to application security incidents
  • Work closely with incident response teams to mitigate the impact of a breach. This may involve coordinating with other IT professionals, communicating with stakeholders, and assisting in the recovery process
  • Investigate incidents, identify the cause, and implement measures to prevent similar incidents in the future
  • Participate in on-call rotation

Preferred Qualifications

    No preferred qualifications provided.