- The Senior Application Security Engineer will be a member of the Security group and will work closely with Product Design, Software Development, and Production Operations.
- The Application Security team at Diligent is primarily responsible for overseeing secure development, creating best practices and processes for the technology organization, and maintaining security tools and procedures.
- The ideal candidate will come from a development lead, security engineer, or DevOps background with a strong passion and interest in security.
- This person should be self-motivated, enjoy security work, and thrive working in a global, dynamic, growing company environment.
Key Responsibilities
- Drive program management activities required to establish effective delivery and execution of SSDLC activities
- Triage and validate internally and externally reported issues and recommend solutions that fit Diligent's risk profile
- Perform application security code reviews and penetration testing
- Contribute to security policy, standards, and guidelines that guide our product and technology teams
- Evangelize software security best practices
- Perform design reviews, SAST, DAST, and other activities required to scale security reviews across the organization
Required Experience/Skills
- Strong understanding of software security architecture and design, SDLC, CI/CD, and the ability to clearly articulate best practices for application security.
- Experience with AWS services and security controls
- Excellent understanding of the OWASP Top 10, MITRE ATT&CK, NIST, CVSS, and CWE
- Expert experience with code analysis and/or penetration testing tools
Preferred Experience/Skills
- Experience working with product and software development teams to drive remediation of threats and vulnerabilities in SaaS-based commercial products
- Experience performing risk assessments to evaluate risk and provide appropriate recommendations on risk mitigations
- Experience with container technologies such as Docker, ECS, and Kubernetes, and with container security