Application Security Engineer
Remote
Applications have closed
Red Canary
What We Believe In- Do what’s right for the customer- Be kind and authentic- Deliver great quality- Be relentless
Challenges You Will SolveDelivering excellent, secure software is paramount to Red Canary's mission! Some of the best security teams in the world depend on our software to protect their organizations, and in turn we expect the highest standards of security for our platform.
Our Application Security Engineers collaborate across product teams to mature our application security program and ensure secure outcomes for software development at scale. Under your guidance, the Red Canary application security model will be viewed as the standard by which all other security providers are measured. The program you will join enables rapid development of our product features for our customers, by providing repeatable secure patterns and seamless guardrails.
What You'll Do
- Detect, articulate, and mitigate risks in our runtime applications, including collaborating with our Engineering teams on remediating AppSec vulnerabilities
- Embed with the product teams and attend regular stand-ups and planning meetings to build positive relationships with key partners
- Design and deploy AppSec tools embedded in CI/CD that reduce our attack surface and improve our security posture
- Serve as the security authority, ensuring controls are working as designed, that security requirements are provided to the team before coding begins, and that vulnerabilities are being fixed within their SLAs
- Engage in application and domain-specific threat modeling, and attack surface analysis and reduction
What You'll Bring
- Experience in web application frameworks and standards (ex. OWASP Top 10, SANS Top 25, etc.)
- Familiarity with automated application security tools and technologies (SAST, DAST, SCA etc.)
- Solid understanding of common languages such as Python, Ruby, Javascript, Go, etc.
- Understanding and experience with securing public cloud deployments, including AWS and/or Azure, and serverless architecture
- Familiarity with CI/CD tools and processes, such as GitHub, Travis CI, CircleCI, Docker, and Kubernetes
- Excellent communication, and the ability to explain sophisticated security topics in simple terms
- Industry certifications are a plus, including OSCP, GPEN, GWAPT, CISSP, Security+, etc.
Why Red Canary?Red Canary is where people embody our mission to improve security outcomes for all. People work hard to maintain a culture that encourages authenticity in order to do your best work. Our people are driven and committed to finding the best security outcomes, delivering real and actionable answers, and being transparent along the way.
At Red Canary, we offer a very rich benefits program to our full-time team members so they can focus on their families and improving our customers’ security. For a full list of benefits, please review our Benefits Summary:https://resource.redcanary.com/rs/003-YRU-314/images/BenefitsSummary_2022_RedCanary.pdf
Individuals seeking employment at Red Canary are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation.
Tags: Application security AWS Azure CI/CD CircleCI CISSP Cloud DAST Docker GitHub GPEN GWAPT JavaScript Kubernetes OSCP OWASP Python Ruby SANS SAST SLAs Vulnerabilities
Perks/benefits: Equity Salary bonus
More jobs like this
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Staff Security Engineer jobs
- Open Information Security Specialist jobs
- Open Senior Security Analyst jobs
- Open Security Operations Engineer jobs
- Open Cyber Security Architect jobs
- Open Senior Cyber Security Engineer jobs
- Open Product Security Engineer jobs
- Open Senior Information Security Analyst jobs
- Open Cyber Security Specialist jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open Cybersecurity Analyst jobs
- Open Principal Security Engineer jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Specialist jobs
- Open IT Security Analyst jobs
- Open Chief Information Security Officer jobs
- Open Security Researcher jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Senior Cyber Security Specialist jobs
- Open Information System Security Officer (ISSO) jobs
- Open Agile-related jobs
- Open ISO 27001-related jobs
- Open Application security-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open Pentesting-related jobs
- Open CISM-related jobs
- Open Vulnerability management-related jobs
- Open GCP-related jobs
- Open Analytics-related jobs
- Open IAM-related jobs
- Open SaaS-related jobs
- Open Threat intelligence-related jobs
- Open CISA-related jobs
- Open Security assessment-related jobs
- Open DevOps-related jobs
- Open Java-related jobs
- Open Kubernetes-related jobs
- Open Security Clearance-related jobs
- Open EDR-related jobs
- Open Malware-related jobs
- Open IDS-related jobs
- Open APIs-related jobs
- Open CEH-related jobs
- Open CI/CD-related jobs