Application Security Engineer
Are you a passionate innovator looking to harness the power of technology to do more good? You've come to the right place. At Bonterra, our purpose is to power those who power social impact. To that end, we serve the people who make social good possible - the doers behind the scenes across nonprofits, public agencies, corporations, philanthropic organizations, and foundations.
As the second-largest and fastest-growing social good software company in the world, Bonterra brings together leading solutions from CyberGrants, EveryAction, Network for Good, Social Solutions, and their respective entities. By bringing our intuitive technology and expertise together, Bonterra will enable unprecedented connectivity between social good organizations and their community of supporters and constituents. This will reshape philanthropic giving, empower digital transformation, and bring the social good sector the technology it needs to accelerate lasting social change.
Do you love to stay up to date on the latest application security news and trends? Are you detail oriented, passionate, and committed to continual development, especially helping others? Have you been a developer and are now looking to make a bigger impact? Do you enjoy improving applications and working with development to build in security from the design forward for the benefit of our customers? If so, please read on!
What You'll Do
- Report directly to the Sr. Director of Application Security
- Research, evaluate, and recommend application security tooling and training appropriate for each line of business
- Work closely with development teams to understand their needs and the risk profile for each application and customize solutions to meet the needs of the application
- Own the implementation and management of SAST, SCA, DAST, and other scanning solutions to provide coverage for the application portfolio
- Guide development teams through a review of their applications and risks against common vulnerability lists like OWASP Top 10 and others
- Provide visibility to senior management along with context and prioritization of the issues
- Operate as an advocate for Security in interactions with internal and external teams
- Assist development teams with vulnerability mitigation and response
- Serve as a technical resource for client testing and vulnerability discussions
- Work with Risk & Compliance teams on SOC 2, PCI-DSS, HIPAA, and other audits as needed
- Research and recommend policy and procedures as they relate to Application Security
- Lead projects to implement security technologies for the entire enterprise
- Lead team meetings when the Sr. Director of Application Security is not present
Requirements
- 5-7 years of experience in technical roles (system administrator, programmer, etc.) required, preferably in a fast-paced and constantly changing environment with 2-3 years of experience in software development
- Expertise in vulnerability management strategies, standards, procedures, and technologies across infrastructure- and application-level vulnerabilities
- Experience with information security frameworks & controls. Knowledge of NIST, ISO, SOC 2, PCI, and/or CIS Controls
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
- Effective and pragmatic judgement in prioritizing security efforts to mitigate the appropriate risks
What sets you apart
- Experience with and knowledge of securing cloud services such as those built on AWS and/or Azure
- M&A (Mergers and Acquisitions) assessment and Information Security gap analysis experience is a plus
- Well-versed in deploying native and third-party technologies to secure endpoint platforms and workloads from on-prem to remote to the cloud
- Hands-on experience with SAST, DAST, SCA tools like Snyk, Qualys, and CloudFlare
Our Culture:
Our team is made up of industry experts and advocates who are 100% committed to supporting the doers of social good. We are currently undergoing an effort to create the vision and values that embody our collective organization and embrace the individuals who make up our community.
Our comprehensive and competitive benefits include:
- Generous Flexible Time Off (FTO) Policy
- Equity for ALL regular, full-time employees from individual contributors to management - share in our success!
- Up to 15 paid company holidays including some commemorating social justice events and self-care
- Paid volunteer time
- Resources for savings and investments
- Paid parental leave
- Paid sick leave
- Health, vision, dental, and life insurance with additional access to health and wellness programs.
- Opportunities to learn, develop, network, and connect
We are committed to being an equal opportunity employer and evaluate qualified applicants without regard to race, color, religion, sex, pregnancy (including childbirth, lactation and related medical conditions), national origin, age, physical and mental disability, marital status, sexual orientation, gender identity, gender expression, genetic information (including characteristics and testing), military and veteran status, diversity of thought and any other characteristic protected by applicable law.