Application Security Engineer

We are a fast-growing middleware and data connectivity components company and we build integration products for customers with enterprise applications. We're building out our next generation architecture with new cutting edge features and looking for talented engineers to join our team. We have a laid-back culture, but love getting things done efficiently with as little bureaucracy as possible and enjoy building quality software that we can all be proud of. We're excited about our future because our products are in high demand and we are building out our next generation of features to meet the market's needs.

Join us because you want to make an impact and are passionate about middleware. We have top-notch benefits as well!

• 100% Remote Work Flexibility (unable to hire in California and Colorado)
• We pay 100% employee premiums for healthcare and dental
• Generous 4 weeks of PTO
• 100% match in your 401k up to 6% of your salary
• Work/Life balance so our engineers do not get burned out
• Year after year our team is growing so you'll have career growth opportunities here
• We are a profitable company with sustained growth and stability - make yourself at home here

We are looking for an Application Security Engineer who will assist us with strategy, development, implementation, and maintenance of the application security program across research, development, quality assurance, support, and IT systems. This is a hands-on position that requires application development experience and secure coding knowledge.

Job Duties:

• Advise in, and participate in, the design of secure products and architectures
• Perform architecture security reviews, security focused code reviews, and security testing
• Create or approve documentation that codifies the application security program: this will include the development of secure coding policies, procedures and standards, modification of the SDLC to include the necessary security checkpoints, product deployment, and code review methodologies
• Evaluate potential security related issues and make recommendations on third party tools and components
• Mentor more junior engineers by leading and influencing technical decisions, processes, and best practices with an expert ability to explain technical concepts in written and verbal forms
• Work closely with engineering and product teams to design and implement security-related systems and functionality, including writing secure code as necessary, and verification of threat models, risk, and security posture
• Monitor software usage and perform forensics to verify that the software and infrastructure is performing to the required security standards
• Perform constant monitoring and awareness of key developments in the area of systems, web application, and client application security in order to provide direction of security trends and anticipate emerging standards and best practices
• Attend all meetings necessary for the seamless delivery of the product as part of the Software Development Life Cycle for both On-prem and SaaS
• Engage with customers as needed for deep dives into our SDLC controls
• Manage and conduct penetration testing and security code reviews
• Lead hands-on trainings for engineering teams following OWASP top risks
• Participate in public security projects and or volunteer time and knowledge to improve the broader security community, representing the company's mission and goals, as well as promoting cooperation and knowledge sharing

Ideal Background:

• 5+ years of application security, SRE, or DevSecOps experience, ideally from a SaaS company background
• Excellent knowledge of OWASP, secure application programming, coding scanning tools such as Checkmarx, and SAST / DAST
• Experience with command line Linux and Azure cloud environments
• Experience with .NET or Java, APIs, and SQL Server (React.js = nice to have)
• Involved in software deployments and build / release
• Application Penetration testing tools and processes
• Understanding of industry practices and compliance – SOC2, ISO, NIST
• Industry certifications such as CISSP preferred
• Bachelor's Degree in Computer Science or Cyber Security (nice to have)

***MUST BE A DEVELOPER OR HAVE A DEVELOPER BACKGROUND***