Application Security Engineer

About Bazaarvoice At Bazaarvoice, we create smart shopping experiences. Through our expansive global network, product-passionate community & enterprise technology, we connect thousands of brands and retailers with billions of consumers. Our solutions enable brands to connect with consumers and collect valuable user-generated content, at an unprecedented scale. This content achieves global reach by leveraging our extensive and ever-expanding retail, social & search syndication network. And we make it easy for brands & retailers to gain valuable business insights from real-time consumer feedback with intuitive tools and dashboards. The result is smarter shopping: loyal customers, increased sales, and improved products.
The problem we are trying to solve : Brands and retailers struggle to make real connections with consumers. It's a challenge to deliver trustworthy and inspiring content in the moments that matter most during the discovery and purchase cycle. The result? Time and money spent on content that doesn't attract new consumers, convert them, or earn their long-term loyalty.
Our brand promise : closing the gap between brands and consumers.
Founded in 2005, Bazaarvoice is headquartered in Austin, Texas with offices in North America, Europe, Asia and Australia.
It’s official: Bazaarvoice is a Great Place to Work in US!
Bazaarvoice is looking for an Application Security Engineer to be a key member of the Security team and ensure that the Bazaarvoice applications and services are built using security best-practices standards. An Application Security Engineer at Bazaarvoice is expected to understand the web application inner workings, be strong in multiple domains of security, and work closely with both technical and non-technical staff to guide, monitor, assess, and improve the security posture of Bazaarvoice applications.

What you'll be doing:

• Perform vulnerability assessment of applications using a variety of security tools such Burp Suite, web-debugging proxies, Dynamic application security testing (DAST) software, Static application security testing (SAST) software and other automated or manual testing techniques
• Conduct security architecture reviews of the cloud environments and the application stack including Bazaarvoice-owned web and mobile applications
• Triage findings from security software and provide remediation guidelines to software developers and other asset owners
• Collaborate with internal development teams to ensure the applications meet security and compliance requirements
• Investigate and respond to security incidents and identify root-causes. Recommend or implement appropriate solutions and preventative measures
• Develop or integrate tools to improve security testing and detection of common web attack and misuse events
• Build automation tools for security processes in the software development lifecycle (SDLC)
• Document security processes and procedures
• Work on complex projects independently and collaborate with a team
• Act as a Security Team representative with other internal groups, vendors, and customers
• Embrace a culture of continuous service improvement and service excellence
• Stay current on security industry trends, research and become involved in the broader Security community

Necessary skills and experience:

• Bachelor’s degree in Computer Science or Engineering; or equivalent training, education, and/or work experience
• 4+ years of experience in Software Development, QA Engineering or Application Security
• Proficient with AppSec tools (such as Sonarqube) and pen testing tools (such as Burp Suite, ZAP, Metasploit)
• Strong understanding of common web vulnerabilities including OWASP Top 10
• Strong understanding of common web application attacks and attacks against cryptographic algorithms
• Experience with writing code, scripting, and automation
• Knowledge of Cloud environments (AWS, GCP and/or Azure) and development integration tools and technologies (CI/CD)
• The ability to triage and handle or escalate security issues independently
• Experience in troubleshooting, auditing, and performing forensic analysis
• Good documentation and note-taking skills
• Strong sense of ownership, urgency, and drive
• Ability to build partnerships and get results
• Ability to be sensitive to the requirements of business owners (engineering, product, and sales) and clients and balance business needs against security standards and protocols
• Experience in a service or support-oriented role – our people are our most vital assets
• A hunger to learn how to be a well-rounded application security engineer and learn new skills and technologies out of their comfort zone

Nice to have:

• Security Certifications like CISSP/SANS GIAC/OSCP/CEH/Security+
• Demonstrated innovative projects

Why join Bazaarvoice? Customer is keyWe see our own success through our customers’ outcomes.  We approach every situation with a customer first mindset.
Transparency & Integrity Builds TrustWe believe in the power of authentic feedback because it’s in our DNA. We do the right thing when faced with hard choices. Transparency and trust accelerate our collective performance.
Passionate Pursuit of Performance Our energy is contagious, because we hire for passion, drive & curiosity. We love what we do, and because we’re laser focused on our mission.
Innovation over ImitationWe seek to innovate as we are not content with the status quo. We embrace agility and experimentation as an advantage.
Stronger TogetherWe bring our whole selves to the mission and find value in diverse perspectives. We champion what’s best for Bazaarvoice before individuals or teams.  As a stronger company we build a stronger community.
Commitment to diversity and inclusion Bazaarvoice provides equal employment opportunities (EEO) to all team members and applicants according to their experience, talent, and qualifications for the job without regard to race, color, national origin, religion, age, disability, sex (including pregnancy, gender stereotyping, and marital status), sexual orientation, gender identity, genetic information, military/veteran status, or any other category protected by federal, state, or local law in every location in which the company has facilities. Bazaarvoice believes that diversity and an inclusive company culture are key drivers of creativity, innovation and performance. Furthermore, a diverse workforce and the maintenance of an atmosphere that welcomes versatile perspectives will enhance our ability to fulfill our vision of creating the world’s smartest network of consumers, brands, and retailers.