Senior Application Security Engineer
As a member of the Application Security team, the Senior Application Security Engineer works closely with software engineers, architects, product management and others to help integrate tools into their build/development environments and ensure consistent application of security controls across the product portfolio. This person should be familiar with Secure Development practices and have experience helping product teams adopt these activities.
We seek a top-performing technical leader with the passion, experience and gravitas to effectively lead and contribute to this critical technology function. The ideal candidate will be a high energy, team oriented, customer driven problem solver with prior experience building secure software for enterprises.
- Roll out tools and services to all Sophos Product teams
- Design and implement frameworks and features that are instrumental in securing Sophos software and systems.
- Guide teams in the adoption of Secure Development activities (training, threat modeling, static/dynamic analysis).
- Participate in planning and architecture sessions with engineering management, architects, operations, and development team leads.
- Help teams integrate fuzzing into their test environments.
- Help product teams move to a DevSecOps way of performing application security.
Skills & Experience:
- Minimum of 5+ years working on Application Security
- Minimum of 5+ years working on Vulnerability Assessment & Penetration Testing
- Minimum of 3+ years working on Threat Modelling and Security architecture reviews
- Understand how vulnerabilities happen, and how to fix them at an architectural level.
- Hands-on experience with static analysis security testing software.
- Skilled with tools such as FindBugs, Coverity, Fortify, Veracode, etc.
- Solid understanding of Software development principles.
- Solid understanding of fuzzing
- Developing a Vulnerability Management strategy
- Evaluating SAST and DAST solutions
- Rolling out an Application Security training program
- Experience with Python scripting and automation
- Experience with AWS, Jenkins and DevSecOps
- Experience responding to and investigating security events and tracking remediation
- Ability to get up to speed on new security frameworks and concepts
- Experience with application security, OWASP Top 10, SAST, and DAST solutions
- Willingness to be a security generalist and wear multiple hats
- Excellent analytical and troubleshooting skills and demonstrated ability to investigate and solve complex problems, including solving critical production issues in complex systems and investigating and determining root causes.
- Technical acumen to lead the creation of both system-level and service-level designs in collaboration with other technical experts.
- Familiarity with Threat Modeling and Secure Development in general.
- Understanding of how to build tools, frameworks and services that will be consumed by other development teams.
- Penchant for automating everything, and in particular, experience tackling the challenges associated with building frameworks for, automating deployments to and monitoring and maintaining the health of cloud platforms.
- Understanding of common standards / processes / tools and the ability to leverage them where possible.
- Excellent verbal and written communication, and able to constructively discuss and convey differing ideas, approaches, and perspectives, particularly in written communications.
- Eagerness to learn the world of Internet security and the Sophos product suite.
- Occasionally required to be available out-of-hours.
Sophos is committed to equality of opportunity in all areas of its work. All qualified applicants will be treated in a fair and equal manner and in accordance with the law regardless of gender, marital status, race, religion, colour, age, disability or sexual orientation.
Job Type: Full-Time
Apply at: https://www.sophos.com/en-us/company/careers.aspx