Application Security Engineer - AppSec

Barcelona, Barcelona, Spain

Ocado Technology

Job Purpose

To offer expertise and guidance to software engineering teams and help them integrate security practices in their SDLC. 

The AppSec team offers:

  • Working with development teams to provide them with help and guidance on addressing cybersecurity threats
  • Conducting threat modelling sessions and security code reviews, and training development teams on how to run them
  • Participating in security issue management processes
  • Educating development teams and supporting them in performing security activities
  • AppSec tooling and integrations like security issue tracking and SAST tools

Role & Responsibilities

This role involves supporting teams of software engineers in including security practices in their SDLC, and maintaining the AppSec tooling integrations.

The roles and responsibilities performed by the AppSec team are:

  • Working with teams to provide them with help and guidance on addressing cybersecurity threats
  • Conducting threat modelling sessions and training teams on how to run them
  • Participating in security issue management processes
  • Assisting engineering teams with organising penetration testing by dedicated pentest partners
  • Educating teams and supporting them in performing their security code reviews
  • Overseeing in-stream use of vulnerability detection and reporting tools
  • Auditing teams' security activities (threat modelling, code reviews, SDLC practices) and providing them with feedback and guidance
  • Keeping the SDLC security guidelines updated
  • Researching security best practices in other organisations
  • Keeping abreast of new vulnerabilities and attack vectors, and associated countermeasures
  • Contributing to the centralised AppSec tooling
  • Integrations with the security issue management system
  • Security monitoring and alerting
  • Security reporting
  • Static and dynamic analysis

Knowledge, Skills and Experience

Essential

  • Strong interest in application security
  • Demonstrable programming ability with an in-depth understanding of underpinning techniques  
  • Experience in the full Software Development life-cycle from design to deployment
  • Ability to work in a geographically dispersed team
  • Strong communication skills and ability to influence engineering behaviours
  • Interest in continuous learning

Desirable

  • Experience as an Application Security Engineer
  • Knowledge of backend and frontend web application vulnerabilities
  • Knowledge of cloud environments
  • Knowledge of Agile methodologies
  • Proven ability to tackle challenging projects

What we can offer you

A relaxed, international, talented, creative and friendly environment, where we will provide you with the best tools to develop amazing stuff. We invest in our employees, ensuring we provide them with the best in-house and external training programs available. We also really encourage people to attend conferences and be involved in the local developer community.

  • Flexible working hours with short Fridays
  • Reduced hours in August
  • Private Health Insurance
  • Life Insurance
  • Ticket Restaurant
  • Ticket Transport
  • Ticket Kindergarten
  • Flexible WFH policy
  • Share-saving scheme 
  • Gym membership discounts 
  • Fresh fruit, snacks, tea and coffee
  • Monthly social events
  • Safari Books - O’Reilly account
  • Table football, board games and Nintendo Switch
  • Tech Talks and internal trainings
  • Developer exchange programmes between centers
  • English, Spanish and Catalan language courses

We are growing rapidly, making it a very exciting time to join, as we are currently at a brand new office in the 22@ district - the thrilling tech area of Barcelona.

Anything else?
There’s a lot going on at Ocado Technology! Click to find out more about Ocado Technology and our recruitment process.

Ocado is an equal opportunities employer and as such makes every effort to ensure that all potential employees are treated fairly and equally, regardless of their sex, sexual orientation, marital status, race, colour, nationality, ethnic or national origin, religion, age, disability or union membership status.

Tags: Agile Application security Audits Cloud Monitoring Pentesting SAST SDLC Vulnerabilities

Perks/benefits: Career development Conferences Fitness / gym Flex hours Health care Insurance Team events

Region: Europe
Country: Spain