Application Security Engineer

Information Security Budapest, Hungary

About Liferay 

 

Liferay, Inc. is a uniquely profitable B2B enterprise software company with 1,200+ fiery-eyed employees all across Europe, the Americas, the Middle East, Asia, and Africa. As a renowned provider of enterprise open source technologies, we have been recognized by Gartner for empowering businesses around the world to solve complex digital challenges.  Liferay Experience Cloud is an all-in-one solution that unites our Liferay DXP and cloud platform capabilities with built-in analytics and B2B commerce functionality, reducing the time to market and allowing for accelerated innovation - serving notable customers across the globe such as Airbus, US Bank, Honda, and Desjardins. 

 

But we don’t just make awesome software, we are also fueled by a greater-than-profit vision. By building a vibrant business, making technology useful, and investing in communities, we make it possible for people to reach their full potential to serve others. We give our employees five days off to volunteer at charities they’re excited about, and Liferay donates 10% of our profits to charities around the world. Oh, we’re also self-funded which gives us the freedom to work on whatever we think brings the most value to customers and communities in the long run!



About You and this Role

As a Site Reliability Engineer you will be part of  a team tasked with setting up and evolving our troubleshooting, observability and monitoring capabilities in order to provide excellent services to our customers. You will also have responsibilities on incident management and problem management disciplines as well manage and deliver technical debt to our platform. Working alongside peers around the world, regional best practices will be shared and implemented.  Your ultimate goal is to provide fail proof services, while improving our platform and mentoring other team members along the way. If you thrive as a code sleuth in a fast-paced environment and enjoy the challenge of always facing new problems, we have the right spot for you. Our team is distributed globally and you have the unique opportunity of learning and connecting with peers in different regions across the globe. If this sounds like a challenge you are up for, apply today!



Key Objectives

  • Conduct application security code reviews of Liferay applications (esp. Liferay’s SAAS, PAAS offerings), identify design flaws and vulnerabilities, help Engineering team to address the findings
  • Lead security reviews and threat modelling of new features, architecture changes and security tests
  • Identify security gaps in the software development lifecycle and enforce use of security practices through automation
  • Perform security assessments of the application
  • Organize and manage security vulnerabilities from identification to resolution (security vulnerability management)
  • Cooperate with various product teams to secure the build and release pipeline
  • Work with Information Security team on improving Application Security program through policies and procedures
  • Improve product protections based on new threats and vulnerabilities
  • Support team members with the best security practices, tools and procedures, documentation, raise security awareness and help with security trainings

 

Required Qualifications

  • Bachelor's degree in computer science or equivalent
  • 2+ years security experience
  • Strong understanding and experience with security libraries, security controls implementation and security vulnerabilities
  • General security experience and knowledge of internet protocols, networking and application level attacks
  • 5+ years software development experience
  • Experience with JavaScript in both backend and frontend
  • Experience with REST APIs, GraphQL or both
  • Experience in Agile software development
  • Excellent communication skills
  • Ability to identify repeatable processes and automate them quickly



Preferred Qualifications

 

  • Professional experience with NodeJS
  • Professional experience with React
  • Professional experience with Java
  • Professional experience with Kubernetes
  • Professional experience with cloud environment like GCP, Azure or AWS
  • Experience leading small teams (2 to 4 devs)
  • Knowledge of OWASP Application Security Verification Standard and OWASP SAMM
  • Experience with bug hunting or penetration testing



What We Offer

  • Salary package w/ competitive benefits according to qualifications and experience
  • Opportunities to take responsibility, grow professionally, and Stay Nerdy
  • A positive and collaborative work culture
  • Check out what employees say about us on Glassdoor 
  • Working at a leading open-source company

Equal Opportunities Employer - Statement

 

Liferay is committed to the equal treatment of all candidates, customers and employees and to fostering a culture of dignity at work. Our operating procedure provides for equal opportunities in recruitment and employment with the aim to eliminate discrimination against any job applicant or employee on the basis of race, age, sexual orientation, gender, religion or beliefs, marital or civil partnerships status, family or dependency status, disability, pregnancy and maternity or membership of a traveling community.