Senior Application Security Engineer
Belfast
Applications have closed
Bazaarvoice
Bazaarvoice enables brands and retailers to leverage the voice of the customer, manage user-generated content at scale, and engage shoppers from discovery to purchase.
The problem we are trying to solve: Brands and retailers struggle to make real connections with consumers. It's a challenge to deliver trustworthy and inspiring content in the moments that matter most during the discovery and purchase cycle. The result? Time and money spent on content that doesn't attract new consumers, convert them, or earn their long-term loyalty.
Our brand promise: closing the gap between brands and consumers.
Founded in 2005, Bazaarvoice is headquartered in Austin, Texas with offices in North America, Europe, Asia and Australia.
It’s official: Bazaarvoice is a Great Place to Work in the US and the UK!
Bazaarvoice is looking for an Application Security Engineer to be a key member of the Security team and ensure that the Bazaarvoice applications and services are built using security best-practices standards.
An Application Security Engineer at Bazaarvoice is expected to understand the inner workings of web applications, be strong in multiple domains of security, and work closely with both technical and non-technical staff to guide, monitor, assess, and improve the security posture of Bazaarvoice applications.
What you'll be doing:
- Perform vulnerability assessments of applications using a variety of security tools such as Burp Suite, web-debugging proxies, dynamic application security testing (DAST) software, static application security testing (SAST) software, and other automated or manual testing techniques
- Conduct security architecture reviews of the cloud environments and the application stack including Bazaarvoice-owned web and mobile applications
- Triage findings from security software and provide remediation guidelines to software developers and other asset owners
- Collaborate with internal development teams to ensure the applications meet security and compliance requirements
- Investigate and respond to security incidents and identify root causes. Recommend or implement appropriate solutions and preventative measures
- Develop or integrate tools to improve security testing and detection of common web attack and misuse events
- Build automation tools for security processes in the software development lifecycle (SDLC)
- Document security processes and procedures
- Work on complex projects independently and collaborate with a team
- Act as a Security Team representative with other internal groups, vendors, and customers
- Embrace a culture of continuous service improvement and service excellence
- Stay current on security industry trends, research and become involved in the broader Security community
Necessary skills and experience:
- 4+ years of experience in Software Development, QA Engineering or Application Security
- Proficient with AppSec tools (such as Sonarqube).
- Strong understanding of common web vulnerabilities including OWASP Top 10
- Experience with writing code, scripting, and automation
- Knowledge of development integration tools and technologies (CI/CD).
- The ability to triage and handle or escalate security issues independently
- Strong sense of ownership, urgency, and drive.
- Ability to build partnerships and get results.
Nice to have:
- Security Certifications like CISSP/SANS GIAC/OSCP/CEH/Security+
- Experience with pen testing tools (such as Burp Suite, ZAP, Metasploit)
- Strong understanding of common web application attacks and attacks against cryptographic algorithms.
- Knowledge of cloud environments (AWS, GCP and/or Azure).
- Ability to be sensitive to the requirements of business owners (engineering, product, and sales) and clients and balance business needs against security standards and protocols.
- A hunger to learn how to be a well-rounded application security engineer and learn new skills and technologies out of their comfort zone.
- Bachelor’s degree in Computer Science or Engineering; or equivalent training, education, and/or work experience
Transparency & Integrity Builds Trust
We believe in the power of authentic feedback because it’s in our DNA. We do the right thing when faced with hard choices. Transparency and trust accelerate our collective performance.
Passionate Pursuit of Performance
Our energy is contagious, because we hire for passion, drive & curiosity. We love what we do, and we’re laser focused on our mission.
Innovation over Imitation
We seek to innovate as we are not content with the status quo. We embrace agility and experimentation as an advantage.
Stronger Together
We bring our whole selves to the mission and find value in diverse perspectives. We champion what’s best for Bazaarvoice before individuals or teams. As a stronger company we build a stronger community.
Commitment to diversity and inclusion
Bazaarvoice provides equal employment opportunities (EEO) to all team members and applicants according to their experience, talent, and qualifications for the job without regard to race, color, national origin, religion, age, disability, sex (including pregnancy, gender stereotyping, and marital status), sexual orientation, gender identity, genetic information, military/veteran status, or any other category protected by federal, state, or local law in every location in which the company has facilities. Bazaarvoice believes that diversity and an inclusive company culture are key drivers of creativity, innovation and performance. Furthermore, a diverse workforce and the maintenance of an atmosphere that welcomes versatile perspectives will enhance our ability to fulfill our vision of creating the world’s smartest network of consumers, brands, and retailers.
Tags: Application security Automation AWS Azure Burp Suite CEH CI/CD CISSP Cloud Compliance Computer Science DAST GCP GIAC Metasploit OSCP OWASP Pentesting SANS SAST Scripting SDLC SonarQube Vulnerabilities
Perks/benefits: Team events