Application Security Analyst

Pune

Applications have closed

AppDirect

AppDirect powers millions of cloud subscriptions worldwide with marketplace, billing, reseller, and distribution solutions.


About the Team:

AppDirect is the leading cloud service marketplace company dedicated to revolutionizing the way businesses run. We offer a cloud service marketplace and management platform that enables companies to distribute web-based services. The global network of AppDirect-powered marketplaces allows businesses to find, buy, and manage the best applications the cloud has to offer.   

With our award-winning platform, service providers can launch a state-of-the-art online application store within a matter of weeks, while developers can integrate once and make their software available across multiple marketplaces worldwide. Our products offer more advanced features and tools than any other competitive solution, putting AppDirect at the forefront of the rapidly evolving market for cloud services delivery. AppDirect powers the cloud marketplaces of trusted companies around the globe—Comcast, Staples, Deutsche Telekom, Vodafone, Telstra, Rackspace, Cloud Foundry, and more—and has helped to connect millions of companies with today’s leading web-based applications.

About You:   

We’re looking for talented yet humble individuals who are smart, passionate and want to drive disruption in the information security industry. If you thrive in a fast-paced, collaborative workplace, AppDirect provides an environment where you will be challenged and inspired every day. If you relish the freedom to bring creative, thoughtful solutions to the table that reflect your experience and personality, there's no limit to what you can accomplish here.

What you'll do and how you'll make an impact:

  • Perform pen-testing and security reviews of AppDirect products and services
  • Identify security gaps and vulnerabilities through SAST, DAST, SCA, penetration testing, and code review.
  • Ensure end-to-end security of AppDirect Marketplace by hands-on testing, hypothesizing threats, helping development teams remediate risks upfront, and championing secure implementation efforts
  • Help Developers mitigate identified vulnerabilities by providing and/or implementing technical solutions.
  • Organize CTFs & Hackathons for internal teams
  • Manage bug bounty program
  • Develop custom tools and automation that enable DevSecOps and SecOps.
  • Proactively research the latest vulnerabilities and exploits
  • Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals

What you'll need:

  • 2-4 years of professional hands-on experience in application security
  • Demonstrated experience in programming languages (e.g. Golang, Java, Python, and/or JavaScript) and development tools (e.g. Maven, Gradle, Jenkins)
  • Experience reviewing code in any one language (Node.js, Java, React, iOS and/or Android)
  • Ability to successfully integrate security into a developer's world
  • Deep knowledge and experience in using SAST, DAST, IAST, SCA, and fuzz testing tools
  • A strong foundation of security architecture, protocols, vulnerabilities, and countermeasures.
  • Strong understanding of secure coding standards and security risks e.g. OWASP Top 10.
  • Familiar with agile development processes and have experience integrating secure development practices into the agile model.
  • Familiarity with cryptography primitives and fundamentals (e.g. SSL/TLS, PKI).
  • Experience working with development, engineering, and architecture teams to ensure security best practices are followed.
  • Ability to communicate effectively utilizing critical thinking skills, the ability to learn new concepts, and problem-solving as they arise.
  • Self-motivated; able to work independently.

About AppDirect:

AppDirect is the only end-to-end commerce platform for selling, distributing, and managing cloud-based products and services to succeed in the digital economy. The AppDirect ecosystem connects channels, developers, and customers through its platform to simplify the digital supply chain by enabling the onboarding and sale of products with third-party services, for any channel, on any device, with support. Powering millions of cloud subscriptions worldwide, AppDirect helps organizations, including Jaguar Land Rover, Comcast, ADP, and Deutsche Telekom, connect their customers to the solutions they need to reach their full potential in the digital economy.

We believe that the unique contributions of all AppDirectors are the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

At AppDirect we take privacy very seriously. For more information about our use and handling of personal data from job applicants, please read our Candidate Privacy Policy. For more information on our general privacy practices, please see the AppDirect Privacy Notice: https://www.appdirect.com/about/privacy-notice

Tags: Agile Android Application security Automation Cloud Cryptography DAST DevSecOps Exploits Golang iOS Java JavaScript Node.js OWASP Pentesting PKI Privacy Python SAST SecOps TLS Vulnerabilities

Perks/benefits: Career development

Region: Asia/Pacific
