Sr. Principal Application Security Engineer
Prague, Czech
Applications have closed
Gen
Gen is a global leader in cybersecurity. Explore our trusted consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Gen is a global company powering Digital Freedom through consumer brands including Norton, Avast, LifeLock, Avira, AVG, ReputationDefender, and CCleaner. Our combined heritage is rooted in providing safety for the first digital generations. We bring leading technology solutions in cybersecurity, privacy and identity protection to more than 500 million users in 150 countries so they can live their digital lives safely, privately, and confidently today and for generations to come. We're always looking for smart, fearless, and dedicated people. Together, we have collective passion and a big vision to power Digital Freedom by protecting consumers and giving them control of their digital lives.
When you’re a part of Gen, you are provided access to a range of resources and support to ensure you can do your best work and live your best life. This includes flexible working options with generous time off and competitive benefits & compensation packages.
Diversity is foundational to how we do business because we know the greatest ideas and results come from our unique perspectives and differences. We strive to create a safe, inclusive environment where you can bring your whole self to work. Team members are valued, respected, and celebrated for who they are in a meaningful and exciting atmosphere. Gen is an equal employment opportunity employer. Employment decisions are based on merit, experience, and business needs.
If this sounds like you—Gen has a dynamic, supportive culture with core values that celebrate diversity, promote teamwork, and encourage every team member to contribute and grow—join us!
About The Role:
Are you the kind of technical contributor who wants to influence how an organization builds a world-class Application Security program? Do you enjoy solving multifaceted technical challenges with a focus on collaboration and teamwork? We're looking for a skilled technical contributor to do just that. You will be at the forefront of our software development activities, ensuring we produce the best possible outcomes for the security and privacy of our millions of users.
About The Team:
The Application Security team at Gen is responsible for the tools, processes, policies, and technical leadership to build best practices for software development. We work closely with our developer and release engineering partners to deliver high-quality, high-fidelity findings, training, guidance, and tools. Additionally, we provide outreach to external security researchers via our bug bounty program. We're a multi-cultural team that values teamwork, technical acumen, autonomy, and critical thinking.
What You’ll Do In This Role:
Help define consistent Secure Software Development Lifecycle practices for all Gen technology projects throughout the planning and delivery cycles that assure that application security risks are mitigated.
Facilitate the embedding of application security into the software delivery lifecycle (including during the early stages of projects) regardless of delivery methodology and tool sets used (e.g., SAST, DAST, SCA).
Ensure end-to-end security of Gen products by hypothesizing threats, helping development teams remediate risks upfront, and championing secure implementation efforts.
Improve secure coding practices, application security requirements, automation, training, and metrics.
Take initiative and drive changes in our bug bounty program which positions us as the leading authority amongst other programs.
Lead and influence cross-functional positive changes across the Security organization.
Help build secure products and standards around emerging technologies, using existing standards and security practices.
Train and educate developers and teams in secure coding techniques, including use of supporting toolsets, and enable them to self-serve.
Collaborate with product development and solution teams proactively to manage software security risk aligned with business goals.
Drive the most difficult or highly complex application security reviews and threat modeling. Provide expert guidance and direction for other team members when they encounter challenges in their security reviews.
Scale application security by developing automated security testing or centralized security libraries which scale directly with developers and enable them to more easily write secure code.
Collaborate with other teams both inside and outside security on broad security topics.
Highly effective communicator; well-honed influencing and negotiating skills.
Solid problem solving and analytical skills; able to quickly digest issue/problem encountered and recommend an appropriate solution.
Self-motivated; able to work independently; able to negotiate and bring consensus to diverse priorities of product development and solution teams.
Champion recruiting activities.
Serve as mentor to other AppSec team members, providing guidance and support.
Ability to assist in Senior level responsibilities if needed.
What You’ll Need To Be Successful In This Role:
Experience identifying security issues through code review.
Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
Familiarity with some common security libraries and tools (e.g., static analysis tools, proxying / penetration testing tools).
Familiarity and ability to explain common security flaws and ways to address them (e.g., OWASP Top 10, CWE 25).
Ability to effectively present and communicate security threats and risks to any audience and impress upon them the mitigation techniques and strategies.
A basic understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).
Strong understanding and experience with common security libraries, security controls, and common security flaws.
Strong experience working closely with developers.
Leading expert with common security libraries, security controls, and common security flaws.
Strong development or scripting experience and skills. You’re able to significantly and effectively contribute to the product and its security.
Written and spoken English at B2 level or higher.
What We Can Offer:
Annual bonus scheme
Unlimited PTO (paid time off), flexible working hours & home office.
The chance to join a major global tech company listed on the S&P 500.
Opportunity to learn and work with the best in the Digital Security industry
Cafeteria points are provided by Benefit Plus (meal plan, pension insurance, travel, free time activities, multisport card, and much more).
Tuition reimbursement for job-related courses
Learning & Development plan.
Sustainable home improvement bonus
Mac/Windows laptop and mobile phone
Gen is proud to be an equal-opportunity employer. We celebrate diversity and are committed to creating an inclusive and accessible environment for all employees. All employment decisions are based on merit, experience, and business needs, without regard to race, color, national origin, age, religion, sex, pregnancy (including childbirth or related medical conditions), genetic information, disability (physical or mental), medical condition, marital status, sexual orientation, gender identity or gender expression, military or veteran status, or any other consideration made unlawful by federal, state, or local law. Gen strictly prohibits unlawful discrimination based on such protected characteristics and seeks to recruit the most talented candidates from diverse cultures and backgrounds.
We also consider employment-qualified individuals with arrest and conviction records. In addition, we will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. Learn more about pay transparency.
Gen complies with all anti-discrimination laws.
To conform to U.S. export control regulations, applicants should be eligible for any required authorizations from the U.S. Government.