Application Security Engineer
This position reports to the Security Architecture Lead for Climate within the Climate Security Office. You’ll be working on application security across a range of technologies and environments, from mobile applications (Android and iOS) to Cloud services. You will be working directly with product developers, QA engineers, and internal data science algorithm developers to help them secure Climate’s applications, and will be jointly responsible for security engineering, code analysis, and design guidance. You will collaborate with your colleagues in the Security Office to help identify and report application risk, create and maintain policy and standards related to application development and software supply chain, and create and deliver education and awareness of application security across the company.
What You Will Do:
In this AppSec role, you will be primarily responsible for reviewing and enhancing existing company application products and services.
This will be achieved by providing software product engineering solutions and support to enhance identity and access controls, identify poor design and implementation practices that could lead to security incidents, and ensure security flaws are addressed.
You will drive integration of security designs consisting of reusable high-level architectures, design patterns, and control libraries into Climate’s Cloud services platform, by applying your security and software engineering knowledge, and using a variety of software and product security assessment techniques.
- B.S. degree in Computer Science, Mathematics, or Science, Computer or Electrical Engineering, or equivalent experience.
- Demonstrated ability to understand common software development security issues and practices.
- Hands-on experience with software development and architectures at both system and software stack perspective in mobile applications and/or cloud systems.
- Knowledge with or familiarity of cybersecurity programs, especially related to software development.
- Commitment and desire to learn new security skills to defend against emerging threats and as needed to be effective in the role.
- Experience with Amazon AWS services, IaaS/PaaS/SaaS cloud environments.
- Experience with static code analysis techniques, such as Fortify or CheckMarx, or open-source equivalents; threat analysis or modeling helpful.
- Experience understanding security aspects of Pen-Test assessment and mapping security findings into software engineering bugs fixes or enhancement requests.
- Basic understanding of security models surrounding encryption, authentication, authorization and access controls, and related open-source technologies.
- Understanding of data security and access modeling for relational and nonrelational data stores.
- Working knowledge of SCM tools, release/build (Jenkins, Hudson), and CI/CD.
- Results-oriented with the demonstrated ability to effectively prioritize and successfully manage security project.
- Professional software development training and/or experience.
- Basic understanding of Microsoft SDL, Cigital’s BSIMM, and/or SAFECode.
- Basic understanding common penetration testing tools and platforms such as Kali, MobiSec, Samurai, Burp, Drozer, nmap, ReadyUI, etc.
What We Offer:
Our teams are composed of industry experts, top scientists, and talented engineers. The environment is extremely engaging and fast-paced, with dozens of specialties coming together to provide the best possible products and experiences for our customers.
We provide competitive salaries and some of the best perks in the industry, including:
- Superb medical, dental, vision, life, disability benefits, and a 401k matching program
- A stocked kitchen with a large assortment of snacks & drinks to get you through the day
- Encouragement to get out of the office and into the field with agents and farmers to see first-hand how our products are being used
- We take part and offer various workshops, conferences, meet-up groups, tech-talks, and hackathons to encourage participation and growth in both community involvement and career development
We also hinge our cultural DNA on these five values:
- Inspire one another
- Innovate in all we do
- Leave a mark on the world
- Find the possible in the impossible
- Be direct and transparent
Learn more about our team and our mission:
The Climate Corporation - The Technology Behind Making A Difference
As part of our dedication to the diversity of our workforce, The Climate Corporation is committed to Equal Employment Opportunity without regard for race, color, national origin, ethnicity, gender, protected veteran status, disability, sexual orientation, gender identity, or religion. If you need assistance or an accommodation due to a disability, you may contact us at email@example.com