Application Security Engineer (DevSecOps)
About the Company:
Clarifai is an artificial intelligence company that excels at visual recognition. We do not sell an abstract, futuristic technology - we sell a solution that people can use today to solve real-world problems. We believe that the same AI technology that gives big tech companies a competitive edge should be available to developers and businesses. That’s why we build products to make it easy, quick, and inexpensive for them to innovate with AI, go to market faster, and build better customer experiences. We make “teaching” AI just as accessible as we make using AI, which is why our technology is the most personalized, unbiased, accurate solution in the market.
We have secured $40M in funding up to date, backed by Menlo Ventures, Google Ventures, USV, NVIDIA, Qualcomm, Osage, Lux Capital, LDV Capital, and Corazon Capital. To continue to succeed, we need people like you to join the team!
Clarifai is proud to be an equal opportunity workplace dedicated to pursuing and hiring a diverse workforce.
This position is to be the main point of contact for application security at Clarifai. At the position, you will be placed in the security team and take the main responsibility of SAST, DAST and the DevSecOps pipeline build up and maintenance. In the meantime, you will work together with the team to build the SIEM with more security intelligence to elevate the security of Clarifai as well.
- Lead threat modeling and security design reviews with engineering teams, provide subject matter expertise in resolving complex security problems.
- Identify opportunities for automation, partner with engineering and security team on implementing automation.
- Develop and support the development of security testing and validation tooling.
- Resolve and review the resolution of security vulnerabilities as needed.
- Improve secure coding practices, application security requirements, automation, training, and metrics.
- Contribute to, and assist in updating relevant application security training for engineering teams.
- Help to continuously improve our penetration testing strategies.
- A recognized university degree in Computer Science, Computer/Electrical Engineering, Information Technology or equivalent.
- Have at least one year of relevant working experience in a release management or development job.
- Knowledge in application security testing.
- Knowledge in understanding of Agile, Waterfall, DevOps, infrastructure as code/
- Able to program or script.
- Strong interest in the field of information security.
- Creative, independent with good problem solving skills.
- Strong analytical, interpersonal, communication and writing skills
Nice to have:
- Professional certifications such as CISSP, CSSLP, etc.
- Experience with cloud platforms such as AWS, GCP, or Azure
- Experience with mature SIEM solution