Application Security Engineer (вакансія неактивна)

SHAPE THE SECURITY EXPERIENCE OF OUR CUSTOMERS AND PROSPECTS

At Sisense, we are on a mission to empower modern data teams to deliver insights to everyone inside and outside their organisations. We bring “power to the builders” by enabling our customers to answer complex questions with data and drive the best business outcomes possible.

The experience you’ll develop, design and implement security touch-points into the Sisense product and support the trajectory of our new unified cloud product while maturing the existing on-premise product. While this role will primarily focus on application security, there will be plenty of opportunity to expand into other areas of Security Operations (Vulnerability Management, Bug Bounty and Incident Response) and Security IT (Configurations, SaaS security tooling and overall automation)

WHY YOU SHOULD JOIN OUR INFORMATION SECURITY TEAM:

Customers trust us with their most important data. They use Sisense to query everything from revenue metrics to the personally identifiable information of their users. You will lead the effort to constantly improve the security of Sisense’s architecture, On-premise deployment, Managed Service capability and emerging SaaS solution. You will own applying risk-based security touch-points into the SDLC/PDLC for the Sisense product out of Kyiv, Ukraine and Tel Aviv, Israel, ultimately the global team of Sisense. You’ll be expected to design and deploy solutions that are both highly secure and highly functional while moving at the speed of the business. Enabling everyone at Sisense to keep moving fast while continuously increasing the strength of our security may be your greatest challenge.

HOW YOU’LL RAMP

Within your first days you’ll...

• Partner with the security team to understand the organisational mission, attack surface and helping define the appropriate risk-based security initiatives
• Spend time with the engineering and product team to get up-to-speed on our technology stacks and current security controls

• Spend time with the IT, R&D and potentially customers to get up-to-speed on our technology stacks and current security controls

By Day 30, you’ll...

• Have a solid fundamental understanding of our products, people, processes and technologies
• Perform initial assessment on the strengths and weaknesses of the current product through analysis, automated scanning, and/or custom attack patterns
• Provide recommendations for identified opportunities from the current state processes
• Review code and other production changes to ensure no security issues are introduced
• Work with key stakeholders to ensure compliance of Sisense’s internal procedures and compliance goals (SOC2, HIPAA, ISO, GDPR, CCPA)

By Day 60, you’ll...

• Drive security improvements to production cloud environments
• Collaborate with third-party penetration testing vendors
• Perform targeted offensive security testing
• Evangelise better security throughout the company

By Day 90, you’ll...

• Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application and infrastructure layers
• Support External and Internal Penetration Testing efforts and assist with driving issues to closure
• Assist with our bug bounty program and maturation of Hacker powered security
• Promote a security-first culture and ensure that all employees at Sisense are able to protect the organisation from threats

WHAT YOU HAVE AND ACCOMPLISHED SO FAR:

• Experience working as a security engineer, consultant or similar position
• Security mindset as a business enabler as part of the core security foundation of driving change with an effective communication style
• Hands-on experience in configuring and hardening cloud-based infrastructure (AWS, Google Cloud, Azure, etc.)
• Experience with container technology (Kubernetes)
• Strong experience in Python, Java, JavaScript, Go and Ruby on Rails
• Demonstrated capability in secure coding (input validation, session management, etc.) and performing automated or manual static analysis
• Hands-on experience in conducting penetration testing and vulnerability assessment at the network and application layers
• Ability to dissect new systems, product requirements, features to identify and develop security requirements
• Basic understanding of security processes (access management, incident management, data security, etc.)
• Security certifications such as OSCP, CISSP, CEH, GWAPT, etc.

OUR BENEFITS:

• We’re all working remotely now. However, a new office with a superior view is waiting for us when life gets back to normal. You will be allowed but not obliged to visit office on a hybrid mode.
• We hire only people we trust. All Sisensers join the company without a probation period.
• We believe all Sisensers should be owners in our company’s success. We grant all employees stock options that start vesting on Day One.
• We support a work-life balance philosophy and provide unlimited vacations (flexible time off) to all Sisensers.
• We support professional growth with a personal learning budget (for on-line courses, language programs, books etc.), as well as corporate trainings, professional certifications, and so on.
• We care about each other. All team members have extended medical insurance package and additional COVID-19 coverage.
• We provide Sisensers with a sport reimbursement to support physical fitness and mental wellbeing.
  

ABOUT SISENSE:

• We’re a passionate, venture-funded team with more than 2000 customers, including Nasdaq, GE Healthcare, Honda, Verizon, and Philips
• We believe strongly in a data-driven approach to all that we do. We’re constantly measuring and optimizing everything about the business.
• We have close relationships with our customers.
• We’ve been recognized by Comparably, Glassdoor, and Gartner for our amazing company culture.
• We have super high customer retention — better than best in class SaaS companies.