Application Security Engineer - AppSec
Barcelona, Barcelona, Spain
We currently have an opening for an AppSec Engineer to join our Atmosphere division, who we create the eCommerce and fulfilment solutions that power the Ocado Smart Platform. From the secret sauce that drives our 35 million customer searches and product recommendations, to our market-leading delivery punctuality and order accuracy.
We use the best tools for the job, with teams using a wide range of technologies including Java, Scala, Akka, NodeJS, Docker, React, Redis, AWS, and many others. Our teams choose the development methodologies that suit them best, from Kanban and Scrum to TDD and Continuous Delivery.
In a nutshell
We are currently seeking an additional team member to join our sole AppSec engineer and together we can contribute to a secure platform. For this person to be successful you need to be passionate and driven individual who loves to learn. You need to be robust yet collaborative and love to be challenged, whilst seeking opportunities to improve your skills every day.
A key part of the role will be developing solutions with the development teams to ensure they fully integrate the Secure SDLC into their development process, with a focus on secure design and coding, threat modelling, static, dynamic code analysis, third-party library vulnerability detection and reporting, monitoring and alerting.
How will you add value on a day-to-day basis?
In this role, you will act as our AppSec Engineer, where you will work with teams to ensure security requirements and secure development are incorporated into the processes. You will also develop and manage the delivery of technical security standards. Coordinating and supporting the delivery of security solutions from inception, proof of concept, testing and implementation, you will engage with the business to ensure the security architecture is aligned with the business strategy, as well as ensure that any strategy set adheres to the SOC II compliance.
Role & Responsibilities
- Write and maintaining software for automating security processes.
- Write and maintain software for monitoring and security vulnerabilities checks .
- Develop and improve tools that enable the detection, exposing, reporting and auditing security activities.
- Research and propose security best practices in other organisations.
- Show ability to automate processes using scripting tools such as Bash, Python or similar.
- Help with penetration testing of new and existing applications.
- Demonstrate development and/or scripting abilities working with API’s.
- Promote a security-focused culture in all activities of our SDLC. Provide security expertise and guidance.
- Assess SDLC security gap risks and propose remedies.
- Collaborate with other departments to achieve business outcomes.
- Knowledge of standards such as SOC II, ISO/IEC 27001 and SOX are a plus.
- Security awareness, including web application security awareness, is a plus.
Knowledge, Skills and Experience
- Background in software development (ideally in Java or Python) and proven experience in engineering covering initiation, planning, managing build and testing.
- Experience identifying, assessing and providing remediation options for application and technology related security risks.
- Experience providing governance and validating compliance of internal and external teams providing security services.
- Familiarity with OWASP and CVE.
- Computer Science (or a related subject) degree.
- Good spoken and written English.
What we can offer you
A relaxed, international, talented, creative and friendly environment, where we will provide you with the best tools to develop amazing stuff. We invest in our employees, ensuring we provide them with the best in-house and external training programs available. We also really encourage people to attend conferences and be involved in the local developer community.
- Flexible working hours with short Fridays
- Reduced hours in August
- Private Health Insurance
- Life Insurance
- Ticket Restaurant
- Ticket Transport
- Ticket Kindergarten
- Gym membership discounts
- Fresh fruit, snacks, tea, coffee...
- Monthly social events
- Table football, board games and Nintendo Switch
- Tech Talks and internal trainings
- Developer exchange programmes between centers
- English and Spanish language courses
Ocado is an equal opportunities employer and as such makes every effort to ensure that all potential employees are treated fairly and equally, regardless of their sex, sexual orientation, marital status, race, colour, nationality, ethnic or national origin, religion, age, disability or union membership status.