Application Security Engineer - SaaS Vendor

Published: 20 days ago
Expiry date: 01 Jun 2024 23:59

​Locke44 are proud to be working with this exciting SaaS Vendor. As they introduce new products and expand into new markets, we are seeking an Application Security Engineer to strengthen the Security Team. Reporting directly to the Information Security Officer, the Application Security Engineer will collaborate closely with the Product and Engineering teams to ensure the security of our software products.


Roles & Responsibilities:

  • Conduct security assessments to validate the design of applications.

  • Conduct threat modeling exercises to identify potential security risks.

  • Lead the security champions program and provide guidance to team members.

  • Coach and support security champions in their daily tasks and initiatives.

  • Perform code reviews as necessary to ensure adherence to security best practices.

  • Contribute to the enhancement of the DevSecOps strategy.

  • Analyze, prioritize, and coordinate the remediation of vulnerabilities identified by various scanning tools.

  • Coordinate penetration testing efforts related to CluePoints' products.

  • Act as the primary point of contact for the Engineering and Product teams regarding all application security inquiries.


Qualifications:

  • Minimum 5 years of experience in the security sector or on projects prioritizing security.

  • Proficiency in at least one high-level programming language (e.g., Python, JavaScript, etc.).

  • Understanding of application development processes.

  • Familiarity with application security principles, including threat modeling, secure coding practices, infrastructure security principles, architecture, and network layers.

  • Experience in vulnerability management.

  • Knowledge of OWASP and MITRE ATT&CK frameworks.

  • Solid understanding and preferably hands-on experience with a wide range of security technologies, including WAF, SAST, DAST, SCA, and penetration testing tools.

  • Familiarity with SOC 2, ISO27001, NIST CSF, or PCI-DSS standards.

  • Up-to-date knowledge of cybersecurity threats, current best practices, threat modeling, and risk mitigation techniques.


Full spec available. Please apply to Locke44 for the details.