Application Security Engineer

What You Will Do

• Perform threat modeling and secure design reviews for Bykea’s infrastructure and applications to implement secure-by-default solutions.
• Design and implement security solutions to automate the detection and remediation of infrastructure security issues.
• Build out automated/scalable "shift left" approaches to code security including SAST/DAST within code pipelines
• Perform dynamic application security testing (DAST).
• Perform static analysis (SAST) of the micro-services and Mobile applications codebase.
• Discover, prioritize, and remediate technical risks on features, products, and infrastructure.
• Develop and own best practices for application security, development, and deployment (CI/CD).
• Identify and assess vulnerabilities stemming from third party dependencies.
• Triage and remediate vulnerabilities reported to the security team as well
• Educate and evangelize security engineering throughout the organization

About You

• Hands-on security experience with a passion for everything security related with a proven record of delivering a security impact.
• Proven proficiency in scripting and/or software development (Javascript, Python preferred)
• Experience deploying/integrating with CI/CD and configuring SAST/DAST tooling.
• Infrastructure level experience with AWS, Kubernetes and Terraform/Cloud Formation
• Experience with industry standard threat models and security tooling.
• Deep understanding of web security, TLS/SSL, web authentication and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols).
• Experience with mobile applications, web applications, and micro service architecture and their security issues.
• Proven track record securing highly available and highly scalable systems.
• Familiarity with one or more cloud vendor services and management tools (AWS, GCP).
• Team player who can get along with others both inside and outside the company.
• Certifications like OSCP, AWS Security Specialty are also a plus.