Application Security Engineer - AppSec
Barcelona, Barcelona, Spain
Applications have closed
Ocado Technology
Job Purpose
To offer expertise and guidance to software engineering teams and help them integrate security practices in their SDLC.
The AppSec team offers:
- Working with development teams to provide them with help and guidance on addressing cybersecurity threats
- Conducting threat modelling sessions and security code reviews, and training development teams on how to run them
- Participating in security issue management processes
- Educating development teams and supporting them in performing security activities
- AppSec tooling and integrations like security issue tracking and SAST tools
Role & Responsibilities
This role involves supporting teams of software engineers in including security practices in their SDLC and maintaining the AppSec tooling integrations.
The roles and responsibilities performed by the AppSec team are:
- Working with teams to provide them with help and guidance on addressing cybersecurity threats
- Conducting threat modelling sessions and training teams on how to run them
- Participating in security issue management processes
- Assisting engineering teams with organising penetration testing by dedicated pentest partners
- Educating teams and supporting them in performing their security code reviews
- Overseeing in-stream use of vulnerability detection and reporting tools
- Auditing, providing teams with feedback and guidance about their security activities (threat modelling, code reviews, SDLC practices)
- Keeping the SDLC security guidelines updated
- Researching security best practices in other organisations
- Keeping abreast of new vulnerabilities and attack vectors, and associated countermeasures
- Contributing to the centralised AppSec tooling
- Integrations with the security issue management system
- Security monitoring and alerting
- Security reporting
- Static and dynamic analysis
You may be asked to perform tasks as required by management deemed as a reasonable request. This job description is a summary of the typical functions of the role, not an exhaustive or comprehensive list of possible role responsibilities, tasks and duties and is subject to review. The responsibilities, tasks and duties of the job holder might differ from those outlined in the job description and other duties, as assigned, might form part of the job.
Knowledge, Skills and Experience
Essential
- Strong interest in application security
- Demonstrable programming ability with an in-depth understanding of underpinning techniques
- Experience in the full Software Development life-cycle from design to deployment
- Ability to work in a geographically dispersed team
- Strong communication skills and ability to influence engineering behaviours
- Interest in continuous learning
Desirable
- Experience as an Application Security Engineer
- Knowledge of backend and frontend web application vulnerabilities
- Knowledge of cloud environments
- Knowledge of Agile methodologies
- Proven ability to tackle challenging projects
A relaxed, international, talented, creative and friendly environment, where we will provide you with the best tools to develop amazing stuff. We invest in our employees, ensuring we provide them with the best in-house and external training programs available. We also really encourage people to attend conferences and be involved in the local developer community.
- Flexible working hours with short Fridays
- Reduced hours in August
- Private Health Insurance
- Life Insurance
- Ticket Restaurant
- Ticket Transport
- Ticket Kindergarten
- Flexible WFH policy
- Share-saving scheme
- Gym membership discounts
- Fresh fruit, snacks, tea and coffee
- Monthly social events
- Safari Books - O’Reilly account
- Table football, board games and Nintendo Switch
- Tech Talks and internal trainings
- Developer exchange programmes between centers
- English, Spanish and Catalan language courses
We are growing rapidly, making it a very exciting time to join, as we are moving to a brand new office in the 22@ district. We are currently right next to Sants station, a central area of Barcelona.
Anything else?
There’s a lot going on at Ocado Technology!
Ocado is an equal opportunities employer and as such makes every effort to ensure that all potential employees are treated fairly and equally, regardless of their sex, sexual orientation, marital status, race, colour, nationality, ethnic or national origin, religion, age, disability or union membership status.