Intellias is a company created by people, for people. We foster a culture of partnership, caring, and respect. We will never back down on that no matter how fast we grow. What's important to us is attention to individuals, not do-it-like-this processes. Whether we succeed or fail, learn or mentor, start new journeys or reach new heights, we make sure to keep our human touch.
12 листопада 2024

Application Security Engineer

віддалено

Application Security engineers are working with product teams to help deliver secure products. As shift-left evangelists, we want to focus on pre-code activities in product planning and development. This includes reviewing early-stage designs, developing threat models, preparing security requirements, and scaling impact by curating security patterns, guidance, and training.

This is a proactive role, and we are looking for passionate people who will help us build end-to-end security in close collaboration with DevSecOps, Architecture, and Engineering chapters and product teams.

What project we have for you

Our project is a digital ecosystem in a big retail customer.

What you will do

  • You will be the primary security engineer for software products and act as the point of contact for engineering and security.
  • Prepare security requirements based on company policies and best industry security standards.
  • Design, build and review security-related services and functions of cloud web applications and mobile services.
  • Implement best security practices in Cloud Platforms (Azure).
  • Validate vulnerabilities from SCA, SAST, IAST/DAST, and image scanning solutions, and coordinate remediation.
  • Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon or similar tool).
  • Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications.
  • Collaborate with product & development managers to assess and prioritize security-related tasks in the development backlog.
  • Improve and adopt security best practices in testing, automation, and continuous integration pipelines.

What you need for this

Requirements:

  • Solid knowledge of cloud and container security, including peculiarity of cloud security-related services and web/mobile applications.
  • Strong understanding of fundamental network security principles, including knowledge of popular protocols, OSI model layers, and related concepts.
  • Experience in Cloud Platforms (preferably Azure).
  • Demonstrated experience in the Secure SDLC approach. Ability to describe goals, steps, processes, etc.
  • Demonstrated experience in verifying results from SCA, SAST, IAST/DAST, and image scanning solutions (knowledge of OWASP Top 10 and OWASP API Top 10)
  • Scripting/coding with Python and Bash.
  • Proficiency in communicating over a text-based medium (MS Teams, Jira/Confluence, Email) and ability to concisely document technical details.
  • Excellent interpersonal and verbal communication skills.

Will be a plus:

  • Azure Certifications (AZ-500, SC-100)
  • Related technical experience in Product Security Architecture or Engineering.
  • Collaborations with SOC teams.

What it’s like to work at Intellias

This is excellent opportunity to deep dive into best application security practices within huge and dynamic digital cloud based ecosystem!

At Intellias, we are committed to being an equal opportunity employer, fostering equity, diversity, and inclusion. We welcome and celebrate the differences of all qualified applicants. Join Intellias for a career where your unique perspectives are not only valued but crucial to our success.

LinkedIn