Description

This role will include, onboarding teams to our automation platform, integrating Application Security into our Continuous Integration/Continuous Deployment (CI/CD) pipeline, release scanning support.
In this role you will be on a team of security engineers performing triage, analysis, hunting bugs, driving DevSecOps, supporting platforms, working with our threat modeling and our external bug bounty programs.
We are looking for someone with at least 2 years of application security and DevOps/DevSecOps experience. You are a great fit if the following are true:
• You love developers, and are passionate about customer experience.
• You love breaking and building.
• You can handle complicated bugs, security issues, and pipeline problems.
• You can code and hack.
• You have a strong scripting and automation background( you can write in one or more of the following python, JavaScript/TypeScript or PowerShell)
• Can demonstrate where you made a difference, solved problems and help make dev teams happy.
• Experience with Git, Gitflow, SAST, DAST, SCA, IAST tooling.
• Azure Devops or Github automation, or similar experience with CI/CD tooling.
• Know what the OWASP top 10 is, and understand defensive coding techniques.
• Architects and Red Teamers don’t scare you.

Responsibilities

Responsibilities:

DevSecOps

• Support and troubleshoot engineering team pipelines, builds, security defects. Help developers solve application security defects.

• Contributes to inner source and demonstrates engineering community engagement.

• Contribute to and execute on our secure software development strategy for the enterprise.

• Execute on driving application security automation into teams across the enterprise

• Partner with our Security Automation Product Owner, Compliance and governance, and DevOps teams.

• Improve and expand application security quality across our entire portfolio of applications.

• Support releases and engineering work across multiple groups and technical constituencies

• Mentor others, you love to share and support, serve as expert for escalated analysis.

• Support and own application security tooling, SAST, DAST, IAST, etc. (upgrades, rules, services)

Required:

• At least 2 years+ of experience with Applications Security, including familiarity with the leading toolsets supporting Application Security (dynamic and static). Experience with Checkmarx, AppScan, Burp Suite, Contrast, VeraCode, NowSecure, Blackduck, WhiteSource, Fortify or similar tooling.

• Strong application security experience across a variety of technologies and languages.

• Deep experience in static code analysis and third-party software composition analysis

• Excellent communication skills with the ability to influence others

• Analytical and problem solving skills

• Understands Git and related tooling.

• Must be passionate about contributing to an organization focused on continuously improving consumer experiences

• Must be passionate about developer experience, privacy, security, quality and product delivery

Preferred:

• Strong experience in establishing and rolling out DevOps or DevSecOps

• Cloud experience with Azure, GCP, AWS, Heroku – Azure/GP/AWS Preferred. 

• Experience with Docker or similar container platforms.

• Experience with BurpSuite.

• Strong Experience with one of the following: C#, Javascript, Java, Python.

• At least 1-2 years of experience working in a product team. You understand design, delivery, and ownership.

• Knowledge of common information security management frameworks, including but not limited to:

ISO 27001/27002, ITIL, COBIT, NIST, BSIMM.

• Professional security certification, such as a Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA) or other similar credentials a plus but not required.