Senior Application Security Engineer
Remote
Applications have closed
PointClickCare
The Senior Application Security Engineer will be part of a team driving embedding security seamlessly into the product development lifecycle, focusing on reducing risk in our software delivery processes. The Senior Application Security Engineer will serve as a technical interface, key adviser and subject matter expert working with Engineering, Product Management, SaaSOps, and DevOps teams to determine security requirements and support development, testing and delivery of secure products in a modern public cloud architecture and to ensure a secure PointClickCare SaaS delivered product platform. You can expect to work closely with software development teams as well as third party organizations to ensure that security, privacy, and compliance requirements are planned for, designed, and built into software applications.
Responsibilities
- Provide subject matter expertise on secure architecture, design and coding practices based on current knowledge of security threats and vulnerabilities that could impact the technology stack Participate in and support application security reviews and threat modeling, including code review and dynamic testing.
- Own and perform application security vulnerability management.
- Facilitate and support the preparation of security releases.
- Support and consult with Product and Engineering teams in the area of application security.
- Assist in development of automated security testing to validate that secure coding best practices are being used.
- Identify solutions for difficult security problems while collaborating in a broader agile Application Security team
- Building a comprehensive solution to conduct consolidation, aggregation, and notification of security findings to respective stakeholders.
- Perform application testing and review security test results from scans and penetration testing to identify viable vulnerabilities that may be exploited and propose remediation solutions or mitigation controls.
- Develop security controls and processes for products and services developed and deployed for both on-prem and cloud environments.
- Perform threat modeling, conduct security architecture reviews and provide training to architects and developers to enhance adoption of secure coding practice within the product development lifecycle.
- Provide security related coaching, training and expertise to drive and elevate security expertise within the development teams
- Responsible for promoting, designing, and evaluating application security in all phases of the software development life cycle, and constantly looking for innovative ways to improve processes.
- Understanding of and experience securing cloud infrastructure and applications using contemporary cloud computing models (IaaS, PaaS, SaaS, etc) with emphasis on Azure/AWS technologies
- Write proof of concept code to demonstrate the severity of a potential security issue
Essential Qualifications
- Bachelor’s Degree in Information Technology or the equivalent combination of education, training or experience
- Significant experience in the field of cybersecurity and/or application security, including time as an engineer writing code, conducting code reviews or in a senior role contributing to secure software design, development and testing processes
- Expert knowledge in security best practices, principles, and common security frameworks such as OWASP, NIST and ISO
- Familiarity with common security libraries, security controls, and common security flaws.
- Basic development or scripting experience and skills. Ruby and Ruby on Rails is preferred.
- Experience building secure software based on frameworks such OWASP, BSIMM and SANS
- Significant experience with methodologies and security testing tools for threat analysis of complex applications and services including threat modeling, software fuzzing, static and dynamic analysis and penetration testing (SAST, DAST, RASP, SCA) and other application security testing tools and techniques.
- Knowledge of common scripting and compiled languages including C#, Java, JavaScript, Python, Perl, PowerShell, and the .NET development frameworks. Full stack experience including MySQL/SQL preferred
- Knowledge of secure architecture and design patterns for Web, Mobile and Microservices
- Knowledge of current and emerging threats and techniques for exploiting security vulnerabilities
- Advanced organizational, planning, communication, analytical and time management skills
- Experience working with developers.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Experience identifying security issues through code review
- Experience in integrating security solutions into CI-CD pipelines and automating tooling orchestration.
- Understand DevSecOps cultural mindsets, and an engineering focused approach to solving complex security problems
- Advanced degree in Information Technology, or the equivalent combination of education, training or experience CISSP, CISM or other related Information Security certifications
- Experience in SaaS and/or health care environments
- Experience with API security testing #LI-JW1#LI-Remote
Desired Qualifications
When you apply for a position, your information is processed and stored with Lever, in accordance with Lever’s Privacy Policy. We use this information to evaluate your candidacy for the posted position. We also store this information, and may use it in relation to future positions to which you apply, or which we believe may be relevant to you given your background. When we have no ongoing legitimate business need to process your information, we will either delete or anonymize it. If you have any questions about how PointClickCare uses or processes your information, or if you would like to ask to access, correct, or delete your information, please contact PointClickCare’s human resources team: recruitment@pointclickcare.com
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile APIs Application security AWS Azure BSIMM C CISM CISSP Cloud Compliance DAST DevOps DevSecOps Full stack IaaS Java JavaScript Microservices MySQL NIST OWASP PaaS Pentesting Perl PowerShell Privacy Python Ruby SaaS SANS SAST Scripting SQL Vulnerabilities Vulnerability management
Perks/benefits: Career development
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Ethical hacker / Pentester H/F jobs
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Senior Cyber Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Principal Security Engineer jobs
- Open Product Security Engineer jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open IT Security Analyst jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Chief Information Security Officer jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Cybersecurity Specialist jobs
- Open Senior Penetration Tester jobs
- Open Security Researcher jobs
- Open Sr. Security Engineer jobs
- Open Senior Security Architect jobs
- Open Security Operations Analyst jobs
- Open CISM-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Network security-related jobs
- Open Agile-related jobs
- Open Windows-related jobs
- Open Pentesting-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open SaaS-related jobs
- Open CISA-related jobs
- Open IAM-related jobs
- Open Threat intelligence-related jobs
- Open APIs-related jobs
- Open Java-related jobs
- Open DevOps-related jobs
- Open Security assessment-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open Malware-related jobs
- Open CI/CD-related jobs
- Open IDS-related jobs
- Open DevSecOps-related jobs
- Open CEH-related jobs