Application Security Engineer

Scalefast helps amazing brands develop a successful Direct-to-Consumer online business. Our next-generation technology platform is built to optimize modern eCommerce. Our end-to-end infrastructure includes global merchant-of-record agreements, fulfillment, subscription, loyalty programs, and finance functions to deliver new revenue and delightful brand experiences. Scalefast has proven itself with global brands like L’Oréal, Square-Enix, and Flir.

As a member of our Application Security Engineering team, the Application Security Engineer performs security architecture reviews of new and existing platforms. Partner with business units, departments providing input on security standard methodologies throughout project-lifecycles. They contribute to the Security programs by performing reviews and security audits. Talk confidently about our cybersecurity programs and help integrate our business needs with our Application Security needs.

The Application Security Engineer provides operational & security expertise in executing technology strategies, implementing secure software development measures into CI/CD pipelines, and collaborating with software engineering teams to apply a shift-left security strategy in the development lifecycle.

What do we offer?

• Competitive salary and a career path adapted to each person's abilities and experience within a company that is growing continuously
• Hybrid way of working
• A flexible schedule and total conciliation between work and family life including reduced timetable during one month in summer
• Become part of a multi-cultural company where you can contribute with your experience and learn from the experience of others
  
• Work with amazing brands
  
• Get the opportunity to influence the future of our services and platform
• Excellent working environment with frequent social activities (hackathons, Spartan races, quarterly whole-team social event)
  
• Central Madrid office located an 8-minute walk from Atocha train station, with a bus stop and BiciMad station right outside the office
• Kitchen and dining facilities as well as a fully stocked games room with games consoles etc. - great to disconnect from work for a while and have fun with your colleagues
• Discounted parking space in the office building if you’re coming by car, bicycle parking for those worried about their carbon footprint
• Mental Health Wellbeing Program

Requirements

Responsibilities:

• Contributing features to internally developed Cybersecurity tools and integrating those tools into the DevOps pipelines.
• Oversee development lifecycles and analyze security information related.
• Driving continuous improvement to the DevOps pipelines.
• Research appropriate security testing tools.
• Participating in security issue management processes.
• Educate and support teams to perform their safety code reviews.
• Keep updated the SDLC security guidelines.
• Whitebox code review of these products, applications, and integrations when appropriate.
• Aligns security deliverables with regulatory and contractual requirements that conform with security framework and
• standards such as NIST SP 800-53, OWASP Top 10, CIS Top 20.
• Define, implement, and monitor security measures to protect Scalefast stores and company and client assets

Requirements

• You have a passion for security and open source.
• Familiarity with common security libraries, security controls, and common security flaws that apply to web applications.
• Proven experience with Web Application Security Testing, Code Reviews, Vulnerability Assessment.
• Knowledge of automated security testing tools like SAST, DAST, SCA, IAST, and fuzz testing tools.
• Linux experience, comfortable between Debian and RHEL based systems.
• Excellent understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols with respect to application development and deployment
• Positive and solution-oriented mindset.
• Experience working with Cloud in a security-enabled environment.
• Knowledge of common authentication technologies including OAuth, SAML, CAs, OTP/TOTP.
• Knowledge of browser-based security controls such as CSP, HSTS, XFO.
• Proven ability to work independently, collaboratively as part of a global team and deliver to multiple deployment schedules.
• English written and verbal communication skills.

Nice-to-haves

• Experience with AWS.
• Information security professional certifications encouraged (SANS GIAC, CISSP etc.).
• Computer science education or equivalent experience.
• Experience in a peak performance organization, preferably a tech startup.
• Experience working with a remote team.
• Experience working with a global and multicultural team.
• Passionate about/experienced with open source and developer tools