Senior Application Security Engineer

Share
  • Facebook
  • Twitter
  • LinkedIn
  • Email
  • Search
  • Jobs/gigs
  • Post a job
  • Your jobs (posted or applied)
  • Alerts (preferences)
  • Your genome
  • Signal
  • Messages
  • Torre's product roadmap
  • Request features
  • API for developers
  • Help
  • English (en)
Language

What language do you want to use Torre in?

Senior Application Security Engineer

A full-time team member or employee

Skills and experience needed

5+ years of experience
Risk assessment
Security
2+ years of experience
Software Development
Python

Organization(s) name(s)

Location

Monetary compensation

USD$113,000 to 154,000 /year
(Estimated by Torre The quoted compensation hasn't been verified by the organization. It's Torre's estimate based on the job requirements contained in the post. )

Monetary compensation

USD$113,000 - 154,000 /year
(Estimated by Torre The quoted compensation hasn't been verified by the organization. It's Torre's estimate based on the job requirements contained in the post. )

Why this opportunity exists

The Product Security organization oversees engineering security practices across the entire product organization and therefore the securing of multiple products (both on-prem builds and SaaS). Product Security is multi-faceted with respect to the counterparts it is interacting with: engineering teams, product management, product marketing, legal and external customers; it is at the cross-road of everything we build. You will be involved in a vast array of endeavors to build our security program, which includes a lot of freedom to define our next steps. Your primary task will be to automate and glue a variety of systems and tools to come up with a state-of-the-art security pipeline. You will also lean on other engineering endeavors for our compliance program, work on the application security pipeline, drive cloud security practices, docker and kubernetes security, vulnerability management, educating our engineering workforce, or harden our software supply chain.

Responsibilities

• Work on web application security, including front-end and back-end. • Work hand in hand with Ops on cloud security and incident response. • Drive and follow-up on risk assessments, security reviews with Product teams. • Work closely with the product engineering teams to deliver security requirements/features into the design, implementation, and delivery of new services, based on OWASP SAMM. Engineer and automate our global product security program: • Define and implement application security pipelines. • Work on our software supply chain security with product teams. • Develop or integrate libraries and other building blocks to enable all CloudBees services to operate and handle user data more securely. Improve and use our main vulnerability management application (OWASP DefectDojo) • Including strengthening its integration to other tools Help raise the profile of security across engineering: • Educate and evangelize security engineering throughout the organization. • Re-engineer processes as needed in collaboration with the teams.

Additional requirements (other than skills)

• The hacker mentality of doing whatever it takes to figure out and solve a problem. There is no lie in saying we will be asking for a lot :-) • Proficiency using CI/CD tools to create and manage automated pipelines (e.g. Jenkins pipelines, or any other of our competition ;-)) • Strong proficiency in scripting (Golang, Python, Java/Groovy preferred) • Experience with authentication/authorization protocols such as OAuth, OICD, SAML. • Practice of the OWASP Top Ten (web, API) security risks and how to mitigate them. • Infrastructure level experience with Google Cloud, Kubernetes (GKE), Terraform and Helm charts would be nice to have. • Passion for automating all the things, while keeping security in mind at all times.

Language(s) required

English - fully-fluent

Career path

Prior experience (5+ years) as an appsec engineer, including: • Risk Assessment / Threat Modeling • Security reviews (incl. active vulnerability research) • Automation • Secure SDLC • Prior experience (2+ years) working with Product teams, directly interacting with software development and operations teams.

About the organization(s)

• CloudBees is powering the continuous economy by offering the world’s first end-to-end continuous software delivery management system (SDM). For millions of developers and product teams driving innovation for businesses large or small, SDM builds on continuous integration (CI) and continuous delivery (CD) to enable all functions and teams within and around the software delivery organization to best work together to amplify value creation. • CloudBees is the continuous integration (CI), continuous delivery (CD) and application release automation (ARA) powerhouse built from the commercial success of its products and its open source leadership as the largest contributor to Jenkins and a founding member of the Continuous Delivery Foundation (CDF). With a globally distributed workforce of more than 500 employees, the company reflects the global nature of the DevOps movement. We believe in walking the talk! From startups with full-stack developers practicing NoOps to large Fortune 100 companies, CloudBees enables all software-driven organizations to intelligently deploy the right capabilities at the right time. • Over 3,500 of the world’s best known brands and over 50% of the Fortune 500, invest in CloudBees because of its ability to work across any cloud, in any development environment and to balance corporate governance and control with developer flexibility and freedom.

Team culture

• At CloudBees, we truly believe that the more diverse we are, the better we serve our customers. A global community like Jenkins demands a global focus from CloudBees. Organizations with greater diversity—gender, racial, ethnic, and global—are stronger partners to their customers. Whether by creating more innovative products, or better understanding our worldwide customers, or establishing a stronger cross-section of cultural leadership skills, diversity strengthens all aspects of the CloudBees organization. • In the technology industry, diversity creates a competitive advantage. CloudBees customers demand technologies from us that solve their software development, and therefore their business problems, so that they can better serve their own customers. CloudBees attributes much of its success to its worldwide work force and commitment to global diversity, which opens our proprietary software to innovative ideas from anywhere. Along the way, we have witnessed firsthand how employees, partners, and customers with diverse perspectives and experiences contribute to creative problem solving and better solutions for our customers and their businesses.

Additional details

• Uur preferred team member will work US east working hours. We fully embrace remote working. We use remote tools extensively, including Slack and Google Docs.

Additional benefits

• Highly competitive benefits and vacation package
• Ability to work for one of the fastest growing companies with some of the most talented people in the industry
• Team outings
• Fun, Hardworking, and Casual Environment
• Endless Growth Opportunities

Agreement type

Employment

Posted: November 11, 2020 06:58 PM

Mariajosé Gómez
Mariajosé Gómez Verified
Independent recruiter
You have signaled .Would you like to apply for this opportunity?
Signals

Signals are a way of compiling a list of people you’ll consider working with. Others can signal you as well.

By signaling a person or organization you notify them that you’ll consider working with them. Thus:

  • You will be notified of all or relevant jobs they post or when they’re open to new opportunities (your choice).
  • When they search for talent, they’ll notice you signaled them.
  • Your signals are only visible to people you have signaled. You can, however, share them with others to collaborate.

55% of jobs are filled via referrals 1 . With Signals, Torre makes it easy for you.


Mariajosé is using Torre to find talent and opportunities. LEARN MORE and POST A JOB.