Sr. Application Security Engineer

Long Beach, California, United States, North America | May 1, 2024

Seniority Level: Mid-Senior

Location: Remote

About the role and about You:

Reporting to the Director, Information Security, you will assist in driving key objectives related to the Application Security program and report key metrics to leadership about the state of our applications and the remediation efforts.

The Application Security program strives to establish a "paved road" for our engineers so that they can more easily deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDLC).

As an Application Security Engineer, you'll serve as a key member of the Application Security program, within the Information Security department. You'll influence Engineering to adopt security and privacy by design, secure SDLC, and provide internal consulting on tracking and following up on remediating security vulnerabilities. You'll work on complex platform security projects both independently and collaboratively in our agile environment. This role requires a background in security as it relates to platform infrastructure, application security, and other aspects of cloud infrastructure security.

What you’ll do:

  • Monitor the industry for newly identified threats to cybersecurity and assess the risk to Zwift products
  • Assist with product development efforts dealing with security and application vulnerability issues
  • Integrate security into the development pipelines, improving process and the developer experience through automated security testing
  • Assist the development teams in creating cloud-native applications following industry best practices
  • Continuously review and assess company projects/products, identify the risks, and help provide solutions

What you'll have:

  • Familiarity with industry best practices for secure coding and software security foundations
  • Experience in programming languages such as Python, Go, and Java
  • Experience reviewing SAST, DAST, penetration test, and SCA results and providing remediation recommendations
  • Capable of architecting, engineering, and operationalizing application security technologies through plan, development, build, test, release, deploy, operate, and monitor phases of the SDLC
  • Previous development and security code review experience

Bonus points:

  • Familiarity with application security practices in a cloud-first environment
  • Awareness of numerous vulnerability classes, with knowledge of modern mitigation techniques

How to stand out among the rest:

Your resume/CV is enough to show off your skills, accomplishments, and experience. However, if you choose to include a cover letter introducing us to your awesome personality, we will read that too.

We strongly believe that different backgrounds and ideas are a competitive advantage; we hire candidates of any race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, marital or family status, disability, Veteran status, and any other status. Zwift is proud to be an Equal Opportunity Employer. If you have a disability or special need that requires accommodation, please let us know by emailing [email protected]

Zwift, Inc. is an Equal Opportunity Employer.

Transparency in Coverage: 

Health plan price transparency is designed to help consumers know the cost of covered items or healthcare-related services prior to the date upon which they receive care. Transparency in Coverage (TIC) regulations require health insurers and group health plans to create machine readable files (MRFs) that contain the negotiated rates for in-network providers and allowed amounts derived from historical claims for out-of-network providers and make those files publicly available.

Here is the link to the site on which Kaiser Permanente posts its in-network and out-of-network allowed amount machine-readable files (MRFs).

Here is the link to the site on which Anthem posts its in-network and out-of-network allowed amount machine-readable files (MRFs). The link will allow you to search for your files using your Employer Identification Number (81-2798595).
