Sr. Principal Application Security Engineer

Prague, Czech

Applications have closed

Gen

Gen is a global leader in cybersecurity. Explore our trusted consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner.

Gen is a global company powering Digital Freedom through consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Our combined heritage is rooted in providing safety for the first digital generations. We bring leading technology solutions in cybersecurity, privacy and identity protection to more than 500 million users in 150 countries so they can live their digital lives safely, privately, and confidently today and for generations to come. We're always looking for smart, fearless, and dedicated people. Together, we have collective passion and a big vision to power Digital Freedom by protecting consumers and giving them control of their digital lives. 

When you’re a part of Gen, you are provided access to a range of resources and support to ensure you can do your best work and live your best life. This includes flexible working options with generous time off and competitive benefits & compensation packages.

Diversity is foundational to how we do business because we know the greatest ideas and results come from our unique perspectives and differences. We strive to create a safe, inclusive environment where you can bring your whole self to work. Team members are valued, respected, and celebrated for who they are in a meaningful and exciting atmosphere. Gen is an equal employment opportunity employer. Employment decisions are based on merit, experience, and business needs.  

If this sounds like you—Gen has a dynamic, supportive culture with core values that celebrate diversity, promote teamwork, and encourage every team member to contribute and grow—join us!

About The Role:

Are you the kind of technical contributor who wants to influence how an organization builds a world-class Application Security program? Do you enjoy solving multifaceted technical challenges with a focus on collaboration and teamwork? We're looking for a skilled technical contributor to do just that. You will be at the forefront of our software development activities, ensuring we produce the best possible outcomes for the security and privacy of our millions of users.

About The Team:

The Application Security team at Gen is responsible for the tools, processes, policies, and technical leadership to build best practices for software development. We work closely with our developer and release engineering partners to deliver high-quality, high-fidelity findings, training, guidance, and tools. Additionally, we provide outreach to external security researchers via our bug bounty program. We're a multicultural team that values teamwork, technical acumen, autonomy, and critical thinking.

What You’ll Do In This Role:

  • Help define consistent Secure Software Development Lifecycle practices for all Gen technology projects throughout the planning and delivery cycles that assure that application security risks are mitigated.

  • Facilitate the embedding of application security into the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g., SAST, DAST, SCA).

  • Ensure end-to-end security of Gen products by hypothesizing threats, helping development teams remediate risks up front, and championing secure implementation efforts.

  • Improve secure coding practices, application security requirements, automation, training, and metrics.

  • Take initiative and drive changes in our bug bounty program which positions us as the leading authority amongst other programs.

  • Lead and influence cross-functional positive changes across the Security organization.

  • Help build secure products and standards around emerging technologies and using existing standards and security practices.

  • Train and educate developers and teams in secure coding techniques, including use of supporting toolsets, and enable them to self-serve.

  • Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals

  • Drive the most difficult or highly complex application security reviews and threat modeling. Provide expert guidance and direction for other team members when they encounter challenges in their security reviews.

  • Scale application security by developing automated security testing or centralized security libraries which scale directly with developers and enable them to more easily write secure code.

  • Collaborate with other teams both inside and outside security on broad security topics.

  • Highly effective communicator; well-honed influencing and negotiating skills.

  • Solid problem solving and analytical skills; able to quickly digest issue/problem encountered and recommend an appropriate solution.

  • Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams.

  • Champion recruiting activities.

  • Serve as mentor to other AppSec team members, providing guidance and support.

  • Ability to assist in Senior level responsibilities if needed.

What You’ll Need To Be Successful In This Role: 

  • Experience identifying security issues through code review.

  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

  • Familiarity with some common security libraries and tools (e.g., static analysis tools, proxying / penetration testing tools).

  • Familiarity and ability to explain common security flaws and ways to address them (e.g., OWASP Top 10, CWE 25).

  • Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies.

  • A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).

  • Strong understanding and experience with common security libraries, security controls, and common security flaws.

  • Strong experience working closely with developers.

  • Leading expert with common security libraries, security controls, and common security flaws.

  • Strong development or scripting experience and skills. You’re able to significantly and effectively contribute to the product and its security.

  • Written and spoken English at B2 level or higher.

What We Can Offer:

  • Annual bonus scheme

  • Unlimited PTO (paid time off), flexible working hours & home office.

  • The chance to join a major global tech company listed on the S&P 500.

  • Opportunity to learn and work with the best in the Digital Security industry

  • Cafeteria points are provided by Benefit Plus (meal plan, pension insurance, travel, free time activities, multisport card, and much more).

  • Tuition reimbursement for job-related courses

  • Learning & Development plan.

  • Sustainable home improvement bonus

  • Mac/Windows laptop and mobile phone

Gen is proud to be an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible environment for all employees. All employment decisions are based on merit, experience, and business needs, without regard to race, color, national origin, age, religion, sex, pregnancy (including childbirth or related medical conditions), genetic information, disability (physical or mental), medical condition, marital status, sexual orientation, gender identity or gender expression, military or veteran status, or any other consideration made unlawful by federal, state, or local law. Gen strictly prohibits unlawful discrimination based on such protected characteristics and seeks to recruit the most talented candidates from diverse cultures and backgrounds.

We also consider employment-qualified individuals with arrest and conviction records. In addition, we will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant.

Gen complies with all anti-discrimination laws.

To conform to U.S. export control regulations, applicant should be eligible for any required authorizations from the U.S. Government. 

Tags: Application security Automation DAST OWASP Pentesting Privacy SAST Scripting SDLC TCP/IP Windows

Perks/benefits: Career development Competitive pay Flex hours Flex vacation Gear Insurance Salary bonus Transparency Unlimited paid time off

Region: Europe
Country: Czechia