Application Security Engineer – Product Security

Are you an experienced application security engineer, feel comfortable working within an agile environment and want to help (and inspire!) an engineering team successfully secure a high availability, critical platform product, in an impactful sector?

If you like to both break and make things (or at least make things more secure?!) and help devs / engineers to become better at infosec, improving their secure development skills so security is by design, and is build in versus bolt, on this could be a great team for you.

Join a strong engineering team, with room to take initiative and drive things, and add value to the security efforts (security in SDLC, automated testing, threat modeling, code reviews, coordinating security testing, champion security in development environment) in a complex, high uptime environment.

More information on the role, the team and environment is available – get in touch!

Some of the role details:

• All around security engineering (threat modeling, security assessments, secure development life cycle, security architecture reviews, source code reviews) both on the applications and the relevant infrastructure.
• Drive code reviews, and guide and help the development teams to create more secure products, and improve the security of the current products.
• Contribute to bringing security by design in its day to day efforts, while raising security awareness.
• Bring security in the development cycle, by helping improving and standardizing the application development life cycle going for Secure SDLC.
• Improve and automate security, using various methods and tools.

Requirements:

• Security engineering / testing (4+ years) and ideally a background in programming / or feeling very comfortable with code and good experience in doing code reviews – experience working in an agile environment a plus.
• Versatile on securing / testing / code reviewing / securely configuring different parts: applications, containers, cloud infrastructure.
• Product security relevant experience (threat modeling, security architecture, cloud security, on the various product phases and ideally in a CI/CD environment).
• Team player with good mentoring skills to be able to effectively collaborate with the various engineering teams and product owners to help them bring more secure applications to the market.
• Good communication skills, strong reporting and presenting abilities as you’ll be working with a lot of internal and external stakeholders.
• Curiosity, problem solving and service mentality, ability to learn and grow.

Get in touch to discuss further and share more details on this or other relevant opportunities (including discussing your career in information security in general!).

Relevant terms: AppSec, IT Security, SSDLC, Product security, CI/CD, CICD, Threat Modeling Security Architecture, Architecture Design Reviews,  OWASP, OSSTM, SCRUM, Agile, Java, Javascript, Python, Terraform, Azure, AWS, Web Application, Web Services, API, Penetration Testing, PenTest, Security Breach, Source Code Reviews, Secure Code Analysis, Threat Analysis, SAST, DAST, SCA, Container Security, Kubernetes Security, EKS, Infrastructure as Code, Burp, Wireshark, Security Engineering, Software Security, CSSLP,  Application Security, Web Application Testing, API testing, Security Testing Automation, Cryptography, TLS, SSL, Accunetix, Appscan.

Base Cyber Security helps organizations build knowledge and capabilities in information security. Supporting organizations putting together strong infosec teams or finding the right cyber security experts for their needs is a big part of that.

We work with security professionals globally for information and cyber security roles and projects across all industries in Europe. Whether you are starting your career in information security, need advice for your next step, deciding on how to build knowledge or choose a growth area in security to continue with, let’s have a conversation!

If you have not yet registered with the Base Cyber Security network, be sure to do so! Send us your details at [email protected] & follow us on Twitter @BaseCyberSec to stay up to date with our activities and relevant info.

By registering with the security community and / or showing interest in a specific role, project or team, you agree with sharing your personal information with Base Cyber Security, which will in turn collect, use and process this in an ethical, private and compliant (including under the GDPR where applicable) manner.