As an Application Security Engineer, you will collaborate closely with development teams, serving as a Subject Matter Expert to offer technical advisory support in comprehending potential threats and vulnerabilities that could impact the Bitso’'s applications. Additionally, you will be an integral part of the team promoting the adoption of the DevSecOps approach throughout the organization.
The role of the Application Security Engineer involves conducting and overseeing security scans early in the Software Development Life Cycle (SDLC) and coordinating the remediation of findings with other teams in the company. Success in this position necessitates proactive engagement and availability 24x7
What we value:
- Passion, technical expertise, and personal accomplishments.
- Independent ownership of business problems and their solutions.
- Attitude of helping others and sharing your knowledge.
- Passion for aggressively automating everything we do.
- Rolling up your sleeves and getting things done.
Responsibilities
- Collaborate with cross-functional teams to integrate security controls into the SDLC.
- Work with engineering members acting as subject matter expert on vulnerabilities and security threats.
- Coordinate efforts to remediate identified application security risks and vulnerabilities.
- Conduct thorough security assessments, including code reviews and penetration testing, to identify vulnerabilities in applications.
- Train developers, security champions and teams in security coding techniques.
- Participate in the continuous improvement of security policies, procedures, and standards.
To succeed in this role, you’ll need:
- 3+ years of experience in DevSecOps or related roles.
- You are proficient in English both written and spoken.
- Proven experience as an Application Security Engineer or in a similar role.
- In-depth knowledge of secure coding practices and common vulnerabilities (OWASP Top 10).
- Experience with some of the most common SSDLC frameworks, such as Microsoft SDL, OWASP SAMM and NIST SP 800-64.
- Strong programming skills (i.e., Python, Java, PHP) and familiarity with common web application frameworks.
- Familiarity with DevSecOps principles and integration of security in CI/CD pipelines.
- Hands-on experience with static application security testing (SAST/SCA).
Additionally, it would be nice if you:
- Are familiar with vulnerability disclosure and bounty programs.
- Knowledge of AWS services.
- Have technical certifications including but not limited to OSCP, OSWA, OSWE, eCPPT, eWPT.
- Actively research about security, publishing in social media, personal blog, etc.
- Have published any security related article, papers, exploits, CVEs, etc.
- Are looking for a dynamic, fast-paced and challenging role.
Research in Diversity, Equity, and Inclusion suggests that individuals may hesitate to apply for jobs if they do not meet all the listed criteria. At Bitso, we value diversity and your unique strengths could be just what we're looking for. If this role excites you but you don't match every point in the description, we still want to hear from you.