Snr. Application Security Engineer
Clearwater, Florida
KnowBe4, Inc.
KnowBe4 provides security awareness training, anti-phishing protection, and real-time security coaching, enabling you to build a stronger security culture.
The Senior Application Security Engineer performs all processes and procedures necessary to ensure the safety of KnowBe4 applications and products (on premise and in cloud). In addition, the primary responsibility is to protect the privacy, confidentiality, integrity, and availability of company and customer data by conducting security assessments, triaging security findings and having a proactive approach in assisting the engineering and development team to develop secure applications.
Responsibilities:
- Assist the development and engineering teams to architect and develop secure applications and infrastructure
- Perform certification and accreditation prior to releasing new products and features to production
- Address security throughout the development lifecycle
- Assist in automating and scaling security solutions across the software development lifecycle
- Perform security reviews and penetration testing across company products and services
- Perform automated and manual vulnerability scans and triage vulnerabilities across company products
- Perform reviews of security findings from container scans, dependency checks and static code analysis tools.
- Oversee the bug bounty program
- Provide secure coding guidance to engineering teams
- Provide hands-on remediation guidance to development teams
- Security training and outreach to internal development teams
- Assist in performing security reviews of the source code
- Design, develop, document, create, and analyze configuration settings, rules, and alerts associated with enterprise risk, security systems, and security applications.
- Stay informed on the latest vulnerabilities
- Ensure the existing/new applications and/or technology infrastructure elements comply with enterprise security, control and audit standards in addition to passing local and federal regulatory examinations.
Minimum Qualifications:
- Relevant field or experience in IT and infosec.
- Has strong understanding of information security, including a broad range of exposure to cloud infrastructure, systems analysis and application development, vulnerability scanning, policies and procedures, and audits.
- Experience with cloud computing environments including infrastructure as code, containers and functions.
- Strong knowledge of CWE top 25 and OWASP top 10 vulnerabilities
- Understanding of MITRE ATT&CK matrix
- Experience with code development and can read and understand source code in several programming languages such as Ruby, PHP, Go, JS, Python.
- Automated and manual web, mobile and traditional application pentesting experience
- Experience with scripting leveraging tools such as Python
- Have a strong networking and security understanding
- Understanding of modern web application development technologies such as MVC, JWT, GraphQL
- Experience with Burp Suite, SAST, DAST, Container and Dependency Scanning tools
- Security certification such as OSWE, OSCP, CISSP, GPEN, CEH, CCSP, AWS desired.
- Strong verbal and written communications
- Excellent time management and organization skills
- Excellent analytical skills
- Interest in cyber security
- Good understanding and knowledge of IT and Security
Note: An applicant assessment and background check may be part of your hiring procedure.
Individuals seeking employment at KnowBe4 are considered without prejudice to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation or any other characteristic protected under applicable federal, state, or local law. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please visit www.knowbe4.com/careers/request-accommodation.
No recruitment agencies, please.