Application Security Engineer#
An Application Security Engineer is responsible for ensuring the security of amazee.io's internal systems and public services. They will work closely with the engineering, operations, and product teams to ensure that security is integrated throughout the development life cycle, and help with implementation of application security best practices. They will also conduct security assessments, and respond to security incidents.
- Perform security assessments and identify potential security risks in amazee.io software and systems.
- Develop and implement security measures to protect the amazee.io platform against potential threats.
- Work closely with development teams to ensure secure coding practices are followed.
- Collaborate with other teams to implement security best practices throughout the organization.
- Stay up-to-date with the latest security trends, vulnerabilities, and mitigation techniques.
- Manage and respond to security incidents in a timely manner.
- Conduct security audits and assessments on third-party integrations and services.
- Create and maintain security documentation and policies.
- Provide security guidance and training to other teams in the company.
- Provide a point of contact for security-related questions from both internal and external stakeholders.
While the Application Security Engineer can assist with fixing security issues in software or systems maintained by other teams, responsibility for ensuring security issues are fixed remains with the owner of the software or system.
Requirements and Qualifications#
- Formal qualification in Computer Science, Information Security, or equivalent work experience.
- 3+ years of experience in application security or related field.
- Strong knowledge of web application security vulnerabilities and mitigation techniques.
- Experience with Kubernetes and container security.
- Familiarity with DevSecOps practices.
- Familiarity with cloud security and infrastructure as code concepts.
- Excellent communication and collaboration skills.
- Ability to work independently and collaboratively with cross-functional teams.
- Strong programming skills in Go or other programming languages.
- Familiarity with guidelines and recommendations from organizations such as NIST and OWASP.
- Relevant industry certifications.
- Experience with Azure AKS, Google GKE, and AWS EKS.
- Experience with threat modeling and risk assessment techniques.
- Participation in security-related communities and events.
- Contributions to open-source security projects.
Employees who currently work in a technical role at amazee.io will gain many of the skills required to excel as an Application Security Engineer as they gain more experience with and exposure to the systems which power the amazee.io platform. These are the basic qualifications required before a move to the role of an Application Security Engineer would be considered:
- At least one year of experience in a technical role at amazee.io.
- At least three years of experience in a technical role overall.
- A strong desire to work in Information Security.
- A written positive recommendation from the employee's lead.
- Some form of Information Security industry certification or relevant education (completion of a college level course in Cybersecurity or the completion of a reasonably advanced Cybersecurity focused online learning program).
- Bonus Points for having found a security issue in Lagoon or the amazee.io platform.