Principal Application Security Engineer (Remote - US)

Apply for this position Please mention DailyRemote when applying
Posted a day ago United States Salary undisclosed
Before you apply - make sure the job is legit.

Attempting to apply for jobs might take you off this site to a different website not owned by us. Any consequence as a result for attempting to apply for jobs is strictly at your own risk and we assume no liability.

Job Description

Principal Application Security Engineer

100% REMOTE-FTE/Direct Hire
Base salary + annual bonus+ unlimited PTO+ 11 Paid Holidays

at this time, this role doesn't accept c2c candidates or candidates that need sponsorship now or in the future (h1b/cpt/opt)

The primary focus of this role is on security containers and FaaS security (function as a service)

Job Summary

The mission of the individual in this role is to leverage their strong understanding of enterprise-level knowledge and/or expert knowledge to mitigate cyber security risk through the protection of container and Function as a Service workload. They will actively work with the business, Digital & Technology, and other partner organizations to seamlessly integrate security processes, tools, and people into the business culture providing a holistic security ecosystem, driving continuous improvements and seamless protection/monitoring capabilities globally. Leads and executes complex initiatives that drive problem resolution. As a senior member of the team, this individual will work with progressive development teams with a mindset toward being agile and solving problems iteratively.

Essential Duties and Responsibilities

•Be a broker of security, being able to sell the benefits of security, while being mindful of the needs of development teams all over the world

•Understand the concepts of assessing risk, rather than just saying "No". Be able to find a way to make development teams successful, while still ensuring secure practices

• Configuring, and administrating technologies for our product teams including SAST, DAST, OSA, secrets management, etc...

•Help software development teams to understand, and remediate security findings

•Construct threat models with development teams

•Participate in development team sprint planning to raise awareness of security concerns

•Work with development teams throughout the entire SDLC to ensure code is secure by design, and all the way through production deployment.

•Help identify and educate Security Champions within development groups

•Assist in the development of internal security policies, procedures, and guidelines

•Be able to quickly come up to speed on new and emerging technologies/cloud services, and understand how to establish at least a baseline of security for them

Have well-founded opinions and be willing to express your disagreement when something doesn't pass the 'smell test' for you.

Supervisory Responsibilities

Shape the direction of the program team moving forward. May provide formal supervision to individual employees within single functional or operational area. Recommends staff recruitment, selection, corrective action and termination. Prepares and delivers performance appraisals for staff. Mentors and coaches team members to further develop competencies. Leads by example and models behaviors that are consistent with the company's values.

Education and Experience

•Advanced understanding of DevOps practices, and CICD pipelines

• Advanced understanding of application security testing tools for SAST, DAST, OSA, etc.

•Advanced experience with either AWS or Azure

•Strong experience with containers and orchestration platforms (Kubernetes, Mesos, etc.)

•Strong experience with Kubernetes as well as managed deployments such as EKS and AKS

•Strong experience integrating application security into Agile teams

•Strong experience in threat modeling

•Intermediate knowledge of Infrastructure as Code (Terraform, Ansible, etc.)

• Bachelor's degree (BA/BS) in a related field of work

o or equivalent combination of education and experience (equivalent work experience = 2 years of related experience for every year of higher-level education).

Other Skills and/or Abilities

• Experience with GCP or AliCloud

• Understanding of modern software development practices

Communication Skills