.The Role: As a Senior Security Engineer, you will play a pivotal role in establishing and spearheading our company's appsec program, ensuring the security of our products and services. You will be responsible for conducting comprehensive security assessments, identifying and remediating vulnerabilities, and collaborating with our product and tech teams to integrate security into the development lifecycle. This is an opportunity for you to make a tangible impact on our company's security posture and contribute to the development of secure and reliable products. Responsibilities: Establish and manage the appsec program from scratch, defining policies, procedures, and tools to ensure the security of our applications. Conduct comprehensive system design and architecture reviews, identifying insecure design elements and proposing secure alternatives. Perform thorough code reviews on critical changes, ensuring adherence to secure coding practices. Execute rigorous penetration testing (black, gray, whitebox) to uncover vulnerabilities and strengthen our defenses. Collaborate with product and tech teams to prioritise vulnerabilities, verify fixes, and integrate security into the development process. Drive the management of both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findings, ensuring optimized signal-to-noise ratios. Perform threat modeling using techniques such as STRIDE to identify and mitigate potential security threats. Partner with Product Managers to embed security requirements into product development. Educate developers on secure code best practices, fostering a security-conscious culture within our engineering teams. Background/Experience: 5+ years of experience in application security, with a proven track record of identifying and remediating vulnerabilities. Strong understanding of secure coding practices, including OWASP Top 10 and SANS 25 Most Critical Software Errors. Experience with static and dynamic application security testing tools. Proficiency in penetration testing methodologies, including black-box, gray-box, and white-box testing. Familiarity with threat modeling techniques such as STRIDE and PASTA. Proficiency in Microsoft C# code and expertise in Cloud Security as a distinct advantage. Bachelor's degree in Computer Science, Information Security, or a related field. Soft skills: Leadership: Ability to guide and inspire teams towards a common security goal. Perseverance: A determination to tackle complex security challenges head-on. Navigating Unstructured Environments: Comfortable in dynamic and evolving settings. Initiative: Proactive in identifying and addressing security risks. Autonomy: Capable of driving initiatives independently. Influence: Skilled at persuading and leading without formal authority. Conflict Resolution: Adept at resolving disagreements to achieve consensus. Self-Motivation: Driven to excel and continuously improve
