Senior Application Security Engineer

Mountain View, CA

Arm Treasure Data

Capture, analyze and act on all of your customer data across every channel and every department. For all of your brands, all around the world.


We’re looking for an experienced Senior Application Security Engineer to join the Engineering & Operations component of our Security and Trust Team, someone who is excited to change how we practice and deliver a secure and compliant customer data platform hosted in Amazon Web Services (AWS). Our Security & Trust charter is to influence and work alongside engineers across the company and with strategic partners to build and grow their cloud products and services.

Key responsibilities:

- Build relationships and partner with Product and Engineering Development Teams to formulate and implement a strategy for software security that is tailored to the specific risks faced by the product and its targeted consumers.
- Conduct application security assessments and aggregate threat intelligence regularly to identify attack vectors against Treasure Data's products and services. Mitigate risk by updating the protection mechanism and developing appropriate detections via appropriate tools to facilitate effective incident response processes.
- Develop and maintain a risk-based application security program based on a well-defined application security framework.
- Evaluate capabilities and features to identify gaps against our security policies and drive security gap resolution.
- Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrate concrete improvements to the application assurance program within the organization.
- Coordinate or conduct application penetration testing and drive remediation efforts to completion.
- Identify, develop, and integrate security testing tools, including but not limited to SAST and DAST, into the continuous integration and continuous development framework.
- Provide operational and executive-level reporting based on agreed-upon metrics that demonstrate program performance progression and material-impacting risk reduction.
- Assess risk arising from third parties, vendors and partners in our ecosystem and design controls to mitigate such risks.
- Provide recommendations on security requirements to be included in product design and security testing.
- Interact directly with the security community regarding vulnerabilities and threats.
- Develop an application security awareness and training curriculum in collaboration with the Engineering Organization.
- Document security procedures and processes.
- Serve as part of the security incident response team.

Your background and skills will include:

- BS degree in Computer Information Systems or related field.
- Deep expertise in software development with elements of security is required.
- Experience working with public Cloud environments is required.
- Knowledge of OWASP Top 10 and CWE Top 25 Framework.
- Experience writing and building software solutions using common programming languages like Java, Python, Ruby, JavaScript, Go, etc.
- Familiarity with Cybersecurity Frameworks including NIST 800-53, NIST CSF, CIS Top 20, MITRE ATT&CK, and OWASP Top Ten.
- Deep knowledge of crypto, authentication and authorization protocols and standards, including SSL/TLS, SAML, OAuth, JWT Tokens.
- A desire to conduct internal penetration testing to secure systems or to use as training material to help others learn.
- Prior experience producing concise and quality technical documentation and reports.
- Ability to break down work into tasks and maintain these tasks as an organized, sustainable set of goals.
- Experience performing security/vulnerability reviews of AWS services and Mac OSX.
- Experience with security automation methodologies and solutions.
- Ability to collaborate and provide a clear point of view to multiple teams, ensuring results are aligned with company business objectives and delivered within planned timelines.
- Excellent judgment, decision-making skills, and ability to work with deadlines.
- Excellent communication and presentation skills, and experience presenting to management.
- Organizational savvy to steer peers and leadership toward solutions that carefully balance business, risk, and engineering concerns.
- Impact-oriented, able to identify how initiatives and effort can move the needle for the organization.
- Ability to work alone or in teams, with minimal oversight, driving positive results while maintaining attention to detail.
- Ability to quickly adapt to shifting priorities, demands, and timelines through analytical and problem-solving capabilities.
- Experience working in a start-up environment.
- Strong desire to add to our culture of diversity, equity and inclusion.

Who we are: Treasure Data employees are enthusiastic, data-driven and customer-obsessed. Our actions reflect our values of honesty, reliability, openness and humility. Treasure Data moved to remote-based work in March 2020 and is committed to ensuring it remains agile to accommodate shifting preferences of its workforce. While we are not working shoulder-to-shoulder, we still work side-by-side, finding unique ways to connect and create together while also respecting each other’s life priorities outside of work. We offer competitive salary and benefits and were named one of the 2021 Best Places to Work. Treasure Data is an equal opportunity employer dedicated to building an inclusive and diverse workforce. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
What we do: Treasure Data is the only enterprise Customer Data Platform (CDP) that harmonizes an organization’s data, insights, and engagement technology stacks to drive relevant, real-time customer experiences throughout the entire customer journey. Treasure Data helps brands give millions of customers and prospects the feeling that each is the one and only. With its ability to create true, unified views of each individual, Treasure Data CDP is central for enterprises who want to know who is ready to buy, plus when and how to drive them to convert. Flexible, tech-agnostic and infinitely scalable, Treasure Data provides fast time to value even in the most complex environments.
Agencies and Recruiters: We cannot consider your candidate(s) without a contract in place. Any resumes received without having an active agreement will be considered gratis referrals to us. Thank you for your understanding and cooperation!

Tags: Agile Application security Automation AWS Cloud Crypto DAST Incident response Java JavaScript MITRE ATT&CK NIST OWASP Pentesting Python Ruby SAML SAST Security assessment Strategy Threat intelligence TLS Vulnerabilities

Perks/benefits: Career development Competitive pay Equity Flex hours Startup environment Team events

Region: North America
Country: United States
