Senior Security Engineer - Redwood City, CA

Redwood City, CA - USA

Applications have closed

Application Security Analyst F/H

Ivalua is a leading provider of cloud-based procurement solutions globally. 

COMPANY OVERVIEW

A “Magic Quadrant” leader, Ivalua’s solutions work in a complex global economy.  Our innovative Source-to-Pay solutions include automating customized workflows to source, contract, request, procure, receive, and pay for goods and services across the enterprise, refining the procurement lifecycle while reducing cost and risk of spending on indirect goods, direct goods and services, and improving supplier collaboration.

All companies want the best and brightest. At Ivalua, we also want team members who have a global point of view and who bring customer-focused enthusiasm and ambition to the table. We are a company of doers, of problem solvers, of figure-it-outers. We have fun and we work hard.  Ivalua is a truly global company with a diverse team of contributors and a set of core values that people can feel every day across all our offices.

Our team works hard, plays hard, and enjoys our ping-pong tournaments at lunchtime! We are passionate, creative, focused, and collaborative.

We're looking for a full-time Application Security Analyst to identify web application vulnerabilities and assist in their detection and mitigation. This includes security testing (automated and manual) to identify vulnerabilities, prioritization of vulnerabilities, orchestration of remediation plans, and tracking of vulnerability remediation progress via reports and dashboards.

Additionally, the Application Security Analyst will participate in the continuous improvement and innovation of the application vulnerability management program and help deploy the Secure Architecture & Software Development program.

 

WHAT YOU WILL DO WITH US:

  • Research, identify, report, analyze and triage vulnerabilities that could affect Ivalua’s Platform and its supporting infrastructure; determine their severity, exploitability and recommended corrective actions; and summarize and report the results.
  • Deploy, improve and utilize SAST/DAST/SCA and other cybersecurity solutions to identify and communicate security vulnerabilities to the R&D and project teams
  • Perform code reviews and manual pentesting of the application to detect security vulnerabilities
  • Maintain and report progress on the state of application vulnerabilities and escalate as necessary to ensure vulnerability issues are closed and handled in a manner consistent with Ivalua standards
  • Work closely with the business, support and R&D teams to provide input and guidance on the development of remediation plans and strategies to solve identified vulnerabilities
  • Collaborate with R&D teams to evolve software assurance processes to address security risks, and help teams learn and adopt shift-left security practices.
  • Drive compliance support and improvements over time through the management/coordination, analysis and tracking of vulnerabilities discovered through customer, internal or external audits, products or collaborations.
  • Perform research and analytics and stay apprised of new security vulnerabilities, threats, risks, attack tools and techniques to contribute to and improve the threat model, and collaborate with senior engineering and product management staff to incorporate effective security standards and controls into product design.
  • Improve and automate cybersecurity processes and solutions for application vulnerability reviews and testing activities including those within the CI/CD pipelines.
  • Deliver training and documentation on Security Development Lifecycle to engineering/development teams
  • Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

 

YOUR PROFILE:

  • 2+ years’ hands-on technical expertise in Application Security, automation, integration, and deployment (DevSecOps).
  • 3+ years’ expertise in performing various security audits in web applications (pentests, code reviews)
  • Coding experience in scripting and programming languages (such as C++, .NET, SQL, etc.)
  • Experience with the most common security tools (BurpSuite, SQLMap, Hydra etc.)
  • Experience using Agile software development
  • Experience implementing, managing, and supporting a vulnerability management program (process and technology).
  • Experience and knowledge of implementing or operating a DevSecOps ecosystem, and a sound understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs.
  • Experience working with threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks and standards (e.g., OWASP, CVSS, CWE), with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation.
  • Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/27018, GDPR, etc.
  • An Information Security qualification, or evidence of starting to work towards one, e.g., CSSLP (Certified Secure Software Lifecycle Professional), CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or a similar certification.
  • Ability to think critically, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask

Soft skills:

  • Team player attitude
  • Good capacity to handle pressure
  • Ability to prioritize, work under pressure and meet deadlines
  • Excellent problem-solving skills
  • Communicate clearly and concisely with others, orally and in writing
  • Detail-oriented and organized, able to pay attention to procedures and create proper documentation

 

WHAT WE CAN DO FOR YOU:

  • An innovative and stimulating work environment
  • Great training and career development
  • You will work with a diverse and global team made up of exceptionally passionate, talented and motivated colleagues who are established leaders in their field
  • Regular social events, team sports or musical activities (under normal conditions)
  • We pride ourselves on customer experience, agility, pragmatism, positive attitude and enthusiasm, team play, continuous learning and improvement, and accountability

 

 Watch the Ivalua Video:  https://vimeo.com/363634218

Join Ivalua today and procure a great future for your career!


Tags: Agile Analytics APIs Application security Audits Automation Burp Suite C CEH CI/CD Cloud Compliance CVSS Cyber Kill Chain DAST DevSecOps GDPR ISO 27001 NIST Offensive security OSCP OWASP Pentesting R&D SAST Scripting SQL Vulnerabilities Vulnerability management

Perks/benefits: Career development Team events

Region: North America
Country: United States