Senior Application Security Engineer
San Ramon, CA, USA | Leading Technology Company
Industry: Computer Software / Computer Games
Functions: IT / Information Technology
Job Description:
The Five9 Senior Application Security Engineer is based in San Ramon, CA. Using broad expertise, this role collaborates with our product development partners to ensure strategic alignment and security controls are in place to support our various business objectives. You will help define the product security procedures based on industry standards that support a highly dynamic, fast-paced, and diverse organization. We are a passionate team who has fun, enjoys a good laugh but above all else thinks security first.
Define and publish the overall application security strategy with consensus from operational and business partners.
Maintain documentation related to Application Security including the development of secure coding policies, procedures and standards, modification of the Software Development Process to include necessary security checkpoints, code review methodologies, etc.
Research, evaluate, and recommend security technologies that will be applied to technology solutions being developed or maintained internally or externally.
Lead design with the CISO of information security solutions using industry standard methodologies, regulatory guidelines, and corporate policy.
Perform threat modeling, design reviews and code reviews as part of the development lifecycle.
Conduct security assessments for projects and hold security reviews against internal or external solutions that are in the process of being crafted or maintained.
Identify and implement products and tools to ensure security of our applications, collaborating with engineering, operations, and IT to harden our environment.
Perform security code reviews, application vulnerability testing, and penetration testing, and train the engineering team on best practices in application security.
5+ years of relevant experience as an application security engineer
Public Cloud experience required
B.S. in Computer Science or equivalent experience
Scripting or code experience (e.g. Python, Shell, Java, json, Scrum, Jira, etc.) is required
Knowledge of modern vulnerability threats including intelligence, discovery, mitigation, remediation and root cause.
Working experience and knowledge of data protection policies, standard methodologies, and products, privacy rules & regulations, data security, encryption, digital rights management, data loss prevention.
You are disciplined, with the ability to work alone or in teams, with minimal oversight, driving positive results in difficult circumstances while maintaining attention to detail.
Broad exposure to IT and public cloud regulatory compliance and audit frameworks including ISO, SOX, NIST, SSAE, and PCI.
Knowledge of Agile and Secure SDLC
Maintain an exceptional level of documentation including diagrams, security standards, manuals, and project papers.
Proven ability to effectively engage and communicate as directed with a variety of audiences both technical and non-technical staff.
One or more Certifications (CISSP, GWEB, GPEN, GWAPT, OSWE, OSCE, OSCP) highly desirable
Familiarity with network and web application protocols (HTTP, HTTPS, TCP/IP, SAML 2.0, OAuth 2.0, REST APIs, etc.)
Knowledge or experience implementing SDLC frameworks like OpenSAMM and BSIMM
Software development experience, either via education or via equivalent work experience
Familiarity with security practices relevant to PaaS platforms (e.g., AWS, Gcloud), service meshes, Kubernetes security techniques, virtual firewalls, etc.