Application Security Engineer III

Job description

Job description

Job Requirements

• We're looking for a full-time phenomenal Application Security Engineer III to architect and lead the implementation of the security-related aspects of our ITX platform.
  
  This will include evaluating and recommending new and emerging cloud security technologies and standards to ensure it is highly secure, resilient, and consistent with the Info Sec policies and compliance requirements.

What You'll Do

• Lead, design, implement and maintain the Phenom Secure Architecture & Software Development program to support the best cybersecurity development practice, and ensure Phenom ITX Platform is highly secure, resilient and aligned with business and product development strategy.
• Identify appropriate cybersecurity controls and provide guidance to Senior Engineering and Product Management on defining and prioritizing its development on the Phenom ITX platform.
• Continuously review and identify security improvement opportunities in existing processes, services, and workflows to ensure Phenom platform is robust against current and future cybersecurity threats.
• Participate in architecture design reviews with senior engineering and product management staff to provide guidance on defining and incorporate effective threat modeling and security standards into product design
• Work on implementing the required fixes to remediate the vulnerabilities in collaboration with the engineering team as needed
• Support and manage cybersecurity process activities including security requirements definition, threat modelling, code reviews and cyber risk assessment.
• Design and develop processes, solutions and automation for security reviews and testing activities including those within the CI/CD pipelines.
• Evaluate application security tools to improve our detection and prevention capabilities
• Develops and maintains a 'security by default' standard to be used in the development, infrastructure, or any other technology project
• Develops, maintains, owns, and regularly updates Phenom Secure Architecture, including technology stack, information flows, solutions and services
• Work with the Global InfoSec Team to develop strategies and plans to enforce security requirements and address identified risks and embed it as a requirement into the Phenom Secure Architecture.
• Collaborate with engineering/development teams to evolve SW assurance processes to address security risks, and help teams learn and adopt shift-security-to-left practices.
• Prepare and deliver training on Security Development Lifecycle to engineering/development teams 
• Coach less experienced team members, provide training as required and demonstrate best practices through hands-on involvement in all cyber related activities.
• Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics.

Must Have

• Bachelor's degree or higher in related field
• 6 to 8 years hands-on technical expertise as Application Security Engineer

Specialized Knowledge

• Experience with Amazon Web Services cloud environments
• Experience with microservices architectures & distributed Platforms especially in the SaaS businesses
• Experience using Agile software development
• Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)
• Knowledge of information security principles (Confidentiality, Integrity, Availability Authentication & Public Key Infrastructure (PKI), Data Security or Cryptography), and understanding of common exploitation techniques and mitigation.
• Experience implementing, managing, and supporting a vulnerability management program (process and technology).
• Experience and knowledge of implementing a DevSecOps ecosystem and well-known understanding of Dynamic and Static Application Security Testing (DAST & SAST) and automation best practices.
• Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.) and how they help to protect an application.
• Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks standards (e.g., OWASP, CVSS, CWE)
• Understanding of global frameworks and standards like NIST, ISO 27001/27002/27017/ 27018, GDPR, etc.
• An Information Security qualification or evidence of starting to work towards e.g CSSLP – Certified Secure Software Lifecycle Professional, CISSP- Certified Information System Security Professional, CCSP – Certified Cloud Security Professional, or similar certification.
• Thought leadership, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask

Benefits

• We want you to be your best self and to pursue your passions!
• Health and wellness benefits/programs to support holistic employee health
• Flexible hours and working schedules, as well as parental leave for new parents
• Growing organization with career pathing and development opportunities
• Tons of perks and extras in every location for all Phenoms!

Required Skill Profession

Computer Occupations