Lead Application Security Engineer
Become a digital, global citizen and enable the new generation of digital entrepreneurs around the world. AppDirect offers a subscription commerce platform to sell any product, through any channel, on any device - as a service. We power millions of subscriptions worldwide for organizations. We do this through our values-driven culture—one that enables you to Be Seen, Be Yourself, and Do Your Best Work.
AppDirect is seeking a Lead Application Security Engineer to join our Global Application Security Team. As the technical lead, you will be responsible for ensuring the security and integrity of our SaaS platform. By collaborating with our talented Application Security and Engineering teams, you will play a crucial role in enhancing and maintaining a security engineering culture within our organization. If you are a driven and collaborative individual with a deep understanding of application security principles and DevSecOps, we invite you to join us at AppDirect and make a significant impact in securing our SaaS platform.
What you’ll do and how you’ll have an impact
- Implement and enforce secure code principles (e.g., OWASP Top 10) across all AppDirect products;
- Identify security gaps and vulnerabilities through SAST, DAST, SCA, penetration testing, code review;
- Participate in design and architecture reviews to provide security guidance and recommendations and help shift security activities left at AppDirect;
- Conduct security reviews and code audits to identify vulnerabilities, propose remediation strategies and work with Engineering teams to lower the risk;
- Ensure end-to-end security of AppDirect Marketplace by hands-on testing, hypothesizing threats, helping development teams remediate risks upfront, and championing secure implementation efforts;
- Evaluate and secure the CI/CD pipeline to ensure the safe and reliable delivery of products;
- Develop and deliver training programs to promote security awareness among developers and engineers;
- Work closely with Developers and the Pipeline team to best secure the code and the tools used to deliver the product;
- Write Policies, Standards, Processes, Guidelines and help answer customer questionnaires.
What we’re looking for
- At least 5 years of professional hands-on experience in application security;
- Strong understanding of secure coding practices and knowledge of industry-standard frameworks such as OWASP Top 10;
- Knowledge and experience working with one or more SAST, DAST, IAST, SCA and Fuzz testing tools;
- A strong foundation of security architecture, protocols, vulnerabilities, and countermeasures;
- Experience working with development, engineering, and architecture teams to ensure security best practices are followed;
- Experience with containerization technologies (e.g., Docker, Kubernetes) and securing containerized applications;
- Familiarity with CI/CD tools and pipelines (e.g., Jenkins, Argo Workflows, etc.) and securing the delivery process;
- Strong analytical and problem-solving skills, with the ability to think outside the box and quickly adapt to new technologies;
- Ability to communicate effectively, think critically, learn new concepts, and solve problems as they arise;
- Self-motivated; able to work independently and aiming to lead a worldwide team.
At AppDirect, we believe that innovation thrives in an environment that houses diversity of excellence, experience and thought. We respect each AppDirector as their own fingerprint; unique with no one alike. We foster an environment of inclusion without regard to race, religion, age, sexual orientation, or gender identity enabling AppDirectors to embrace their uniqueness to do their best work. As such, we strongly encourage applications from Indigenous peoples, racialized people, people with disabilities, people from gender and sexually diverse communities, and/or people with intersectional identities.