Application Security Engineer

REMOTE ROLE: A Blue Prism Application Security Engineer champions product development security, providing security education and awareness, designs and implements new security initiatives that enhances Blue Prisms security position and implements, maintains and enforces software security standards and compliance.

Blue Prism is the global leader in intelligent automation for the enterprise, transforming the way work is done. At Blue Prism, we have users in over 150 countries in more than 1,800 businesses, including Fortune 500 and public sector organizations, that are creating value with new ways of working, unlocking efficiencies, and returning millions of hours of work back into their businesses. Our Digital Workforce is smart, secure, scalable and accessible to all; freeing up humans to re-imagine work.

To understand more about Blue Prism’s intelligent automation click here. You can also visit http://www.blueprism.com/ and follow us on Twitter @blue_prism, LinkedIn and Instagram @blueprismofficial. Or have a look at our YouTube page for further insights about Blue Prism.

Requirements

Duties & Responsibilities

The primary responsibilities of an Application Security Engineer are to:

• Drive security awareness through continuous education and quality documentation
• Ensure Blue Prism products are delivered with minimal security risk to the business or its customers
• Ensure product standards and compliance
• Provide technical subject matter expertise and security guidance to the business
• Evolve and promote Blue Prisms security strategy internally and externally

Dimensions of the Role

The application security engineer is a supporting role that works as part of the wider product team, they report to the senior/chief application security engineer that in turn reports to the director of engineering.

Competencies

The skills and knowledge required for the role is broad and diverse, specialization and established product knowledge is recommended at higher levels. The core skills required are:

• Driving security awareness through continuous education and quality documentation

Being able to identify and eliminate training needs with immediate teams and the wider organization

Creating positive learning environments through interactive learning workshops and presentations

Having good technical writing skills

• Ensuring Blue Prism products are delivered with minimal security risk to the business or its customers

Experienced in software development projects with a good knowledge of Agile SDLC and DevOps principles

Knowledge of OOP principles with a good understanding of one or more of the following programming languages

• C#
• C/C++
• VB.net
• JavaScript
• SQL
• Python

Experience of performing security design reviews, threat modelling and risk assessments

Experience of security testing and assurance

Experience and/or understanding of SAST tooling such as Checkmarx, Coverity, Veracode etc.Experience and understanding of SCA tooling such as Snyk, Black Duck, SourceClear etc.

• Ensure product standards and compliance

Awareness of international security standards such as OWASP top 10, CWE/SANS Top 25, HIPAA, NIST and how they apply to software development.

Understanding of how to identify and remediate 3rd party license compliance and risk

• Provide technical subject matter expertise and security guidance to the business and its customers

Knowledge of Security Architecture: threats, countermeasures, confidentiality, authenticity, integrity and non-repudiation

Good understanding of cryptography and its application to security

Demonstrating a good understanding of offensive and defensive security procedures and techniques

Working knowledge of cloud security service design approaches (Azure, AWS, Kubernetes, Docker or GCP).

Understanding of risk assessment tools and frameworks (STRIDE, DREAD, CVSS)

Ability to analyze incoming security concerns and lead/advise remedial work

Additional Skills, Experience, Languages

Whilst not essential the following skills are desirable:

• Professional security qualifications are desirable (e.g. CISSP, Offensive Security, Sans Institute, etc)
• Experience of using or Implementing the Blue prism product

• Theoretical and working knowledge of key peripheral technologies, including Windows Server / client fundamentals, Active Directory and security tooling

Benefits

• Company pension scheme
• Life assurance scheme
• Private medical scheme
• Employee share scheme
• 30 days holiday plus bank holidays
• Flexible working hours

Blue Prism Software is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, gender identity or expression, genetics, arrest record or any other characteristic protected by applicable federal, state or local laws.

Blue Prism is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Blue Prism via-email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Blue Prism. No fee will be paid in the event the candidate is hired by Blue Prism as a result of the referral or through other means.