We are looking for the best and the brightest to join our family. We’re proud of our industry-leading digital marketing and insights-to-activation platform software, but we’re even prouder of the people behind it. That’s where you come in!
Our work environment is very fast-paced and entrepreneurial. We work hard, play hard, and always do whatever it takes to delight our customers.
Application security (AppSec) is an integral part of our products’ security and our company’s reputation.
Wiki definition: Application security encompasses measures taken to improve the security of an application often by finding, fixing, and preventing security vulnerabilities… at different stages of an application’s lifecycle such as design, development, deployment, upgrade, maintenance.
The security of IT systems and infrastructure is owned by IT and DevOps, respectively. However, today there’s no clear owner for driving application-level security or guiding the teams on best practices to follow.
This document defines the role and responsibilities of an AppSec lead and the required skills for such a role.
The AppSec lead will work closely with development and DevOps teams to ensure our applications are secured.
Responsibilities
Application security backlog owner
Assess and set priorities for identified risks and vulnerabilities
Support application security reviews
Threat modeling
Application code (in-house) & dependencies (libraries, packages, etc.)
Authentication & authorization flows
Application configuration
Data privacy (encryption, anonymization)
Assess and push adoption of tooling & in-house solutions for addressing security threats.
Educate for secure development
Cultivate best practices
Organize training
Grow security champions in teams
Work closely with the company’s CISO to drive application security compliance
Report to the Platform group manager
Requirements
Requirements
Degree in Computer Science or equivalent.
4+ years of experience in application security roles in a medium-large organization.
2+ years of experience in a leadership role (architect, team lead, etc.).
Experience with OWASP, threat analysis & modeling, and security tools.
Excellent soft skills and professional communication skills, clearly articulating complex topics.
Development experience, preferably with Java & Python.
Advantage – experience with security best practices and solutions in AWS.