Snr. Application Security Engineer

Clearwater, Florida

Applications have closed

KnowBe4, Inc.

KnowBe4 provides security awareness training, anti-phishing protection, and real-time security coaching, enabling you to build a stronger security culture.

KnowBe4, Inc. is the provider of the world's largest security awareness training and simulated phishing platform. KnowBe4 enables organizations to manage the ongoing problem of social engineering by helping them train employees to make smarter security decisions, every day. Tens of thousands of organizations worldwide use KnowBe4’s platform to mobilize their end users as a last line of defense and enable them to make better security decisions, every day. We have been ranked a best place to work for women, millennials, and in technology nationwide by Fortune Magazine, as well as #1 or #2 in The Tampa Bay Top Workplaces Survey for the last six years.

The Senior Application Security Engineer performs all processes and procedures necessary to ensure the safety of KnowBe4 applications and products (on premises and in the cloud). In addition, the primary responsibility is to protect the privacy, confidentiality, integrity, and availability of company and customer data by conducting security assessments, triaging security findings, and taking a proactive approach to assisting the engineering and development team in developing secure applications.

Responsibilities:

  • Assist the development and engineering teams to architect and develop secure applications and infrastructure
  • Perform certification and accreditation prior to releasing new products and features to production
  • Address security throughout the development lifecycle
  • Assist in automating and scaling security solutions across the software development lifecycle
  • Perform security reviews and penetration testing across company products and services
  • Perform automated and manual vulnerability scans and triage vulnerabilities across company products
  • Perform reviews of security findings from container scans, dependency checks and static code analysis tools
  • Oversee the bug bounty program
  • Provide secure coding guidance to engineering teams
  • Provide hands-on remediation guidance to development teams
  • Security training and outreach to internal development teams
  • Assist in performing security reviews of the source code
  • Design, develop, document, create, and analyze configuration settings, rules, and alerts associated with enterprise risk, security systems, and security applications
  • Stay informed on the latest vulnerabilities
  • Ensure the existing/new applications and/or technology infrastructure elements comply with enterprise security, control and audit standards in addition to passing local and federal regulatory examinations. 

Minimum Qualifications:

  • Relevant field or experience in IT and infosec.
  • Strong understanding of information security, including broad exposure to cloud infrastructure, systems analysis and application development, vulnerability scanning, policies and procedures, and audits
  • Experience with cloud computing environments including infrastructure as code, containers and functions.
  • Strong knowledge of CWE top 25 and OWASP top 10 vulnerabilities
  • Understanding of MITRE ATT&CK matrix
  • Experience with code development and the ability to read and understand source code in several programming languages such as Ruby, PHP, Go, JS, Python
  • Automated and manual web, mobile and traditional application pentesting experience
  • Experience scripting with tools such as Python
  • Strong understanding of networking and security
  • Understanding of modern web application development technologies such as MVC, JWT, GraphQL
  • Experience with Burp Suite, SAST, DAST, Container and Dependency Scanning tools
  • Security certification such as OSWE, OSCP, CISSP, GPEN, CEH, CCSP, AWS desired.
  • Strong verbal and written communications
  • Excellent time management and organization skills
  • Excellent analytical skills
  • Interest in cyber security
  • Good understanding and knowledge of IT and Security

Note: An applicant assessment and background check may be part of your hiring procedure.

Individuals seeking employment at KnowBe4 are considered without prejudice to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, sexual orientation or any other characteristic protected under applicable federal, state, or local law. If you require reasonable accommodation in completing this application, interviewing, completing any pre-employment testing, or otherwise participating in the employee selection process, please visit www.knowbe4.com/careers/request-accommodation.

No recruitment agencies, please.

Tags: Application security Audits AWS Burp Suite CCSP CEH CISSP Cloud Code analysis DAST GPEN MITRE ATT&CK OSCP OSWE OWASP Pentesting PHP Privacy Python Ruby SAST Scripting Security assessment Vulnerabilities Vulnerability scans

Region: North America
Country: United States