The Flybits Security Engineering Team is seeking Application Security Engineers to help keep Flybits secure and safe from attackers. This is a unique opportunity to help shape security engineering practices within our engineering organization.
This role has a broad scope, ranging from developing Dev Sec Ops automation services, system integrations using API’s, and Webhooks. Development of automated processes of security tools, coloration of data through analytics, and design of integrated dashboards tools. This role presents an ultimate test of one’s security knowledge and ability.
An Application Security Engineer at Flybits is expected to be strong in multiple domains. Application Engineers in this role work closely with and provide technical leadership and advice to teams and leaders throughout Flybits. You will be working as an embedded member of our Engineering teams and thereby will gain intimate knowledge of the Flybits platform. Additionally, you will leverage the knowledge you gain about Flybits to find new ways to break software and processes throughout the company.
Engineers in this role must show exemplary judgment in making technical trade-offs between short-term fixes and long-term security and business goals. They must also demonstrate resilience and navigate difficult situations with composure and tact. Individuals in this role will be expected to provide thought leadership for the organization as you discover, invent and innovate throughout the course of their duties. Above all else, a strong sense of customer obsession is necessary to focus on the ultimate goal of keeping Flybits and its customers secure.
- Integration of security tools through API’s, webhook or other custom integration.
- Conduct full life cycle engagements as part of a team.
- Contribute to creation and maintenance of integrated security dashboards pulling multiple security systems into a unified global view.
- Contribute to automated Security Incident Response system to move playbooks to an automated tracking platform integrated with other Flybits Systems.
- Automation of security tools into the DevOps process to utilize true Dev Sec Ops
- Communicate issues or findings and discoveries, prioritize and execute remediation plans.
- Train developers or platform engineers of the automation efforts
- Assist in Security Incident Response and Cyber Forensics during and post an incident and assist in reverse engineering the attack and designing security controls
- Validate exploits findings from third party penetration testers
- Review and validate findings from the Flybits bug bounty program
- Provide support to Flybits platform teams in secure code practices, vulnerability reviews of third-party libraries or other security findings.
- BS in Computer Science or related field, or equivalent work experience
- 4+ years as a principal or senior application developer or engineer role.
- Advanced knowledge and understanding in various disciplines such as security engineering, system and network security, authentication and security protocols, cryptography, and application security
- Experience with distributed systems, SaaS products, microservices architecture, and API-driven services
- Experience with cloud service providers and their offerings, preferably AWS and its various technologies and APIs
- Experience with container technologies such as Docker and orchestration platforms such as Kubernetes
- Experience with data analytics, indexing and data algorithms.
- Familiar with CI/CD Pipeline (using tools such as CircleCI, Travis) and other automation tools
- SDLC, ITIL, Agile development methods and testing.
- Experience with Redhat, AWS Linux, AWS Linux 2
- Understanding of OSWAP Top 10, SANS Top 20, NIST 800-53, CIS, CSC or other security standards
Nice to Have:
- Master of Science in Cyber Security, Information Security, MIS or equivalent
- Knowledge of the MITRE ATT&CK Framework
- Industry security certifications such as CISSP, CEH or others
- Experience in conducting social engineering focused assessments
- Experience in CTF competitions, CVE research and/or Bug Bounty recognition
- Experience in Web and Mobile (Android/iOS) based application/service assessment
- Experience in Wireless and Network assessment in enterprise infrastructure
- Experience in reverse engineering and associated tooling such as IDA
- Experience with technologies such as Elastic, Redshift, and Datadog
- Knowledge of fuzzing, memory corruption and exploit development
- Knowledge about hardware hacking
- Intermediate to advanced communication and presentation skills
- Experience providing training and mentorship
- Demonstrable teamwork skills and resourcefulness
- Ability to make concrete progress in the face of ambiguity and imperfect knowledge
Flybits empowers enterprises to connect with their customers more meaningfully through micro-personalized experiences, powered by contextual data. Flybits aggregates disparate sources of relevant public and proprietary data without technical hassle, enabling Fortune 500 organizations to build sophisticated and evolving customer engagement programs with ease. Leveraging unique and patent-protected AI and machine learning capabilities, experiences created through Flybits become increasingly effective in delivering success. From driving product awareness to offering virtual concierge-style services, enterprises across the globe are using Flybits to add significant value to the lives of their customers and preparing themselves for the new data economy.
Flybits is an Equal Employment Opportunity Employer. Employment, recognition and advancement at Flybits are based solely on individual merit and qualifications directly related to professional competence. We provide equal opportunity regardless of race (though currently we hire only humans), color, gender, ethnicity, ancestry, national origin, age, religious affiliation (or lack thereof), sexual preference or orientation (or lack thereof), pregnancy status, medical condition, marital status, or any other characteristic protected by law.
We will also make all reasonable accommodations to comply with the Americans with Disabilities Act (ADA) and similar Canadian, State, and Provincial disability laws.