Staff Security Engineer

Bachelor’s degree in Information Technology, Computer Science, or related field
Good understanding of Application risks/vulnerabilities, e.g. OWASP Top 10 /CWE Top 25
Minimum 5 years working experience in Information Security
Experienced in designing and building application security solutions
Experienced in reviewing and implementing application security features
Experience in software supply chain security or vulnerability management of 3rd party libraries
Experience with *AST and SCA tools
Experienced in security integration of CI/CD

Responsible for the tuning of security scanning tools and the fixing of scanning results
Implement security left shift and security automation activities
Expand the scope of automated scanning to meet diverse business needs
Help development teams promptly remediate security findings. And Provide remediation guidelines for vulnerabilities
Design and various application security-related metrics
Participate in the design and implementation of application security training
Review security features of application to ensures that they are implemented properly.
Coordinates with various teams involved in Information Security, Risk, Architecture, and development teams.
To work together with global teams across different time zones to support urgent project need

Experienced in one or several languages, e.g. Python/Java, can develop security tools
Have good development experience to understand the development team’s thoughts
Master the attack principles and preventive measures of various security types of application security
Good self-learning ability, be able to research new security tools independently.
Experienced in application security training
Be responsible, serious, and rigorous at work, strong learning ability, strong communication, and coordination