Wag! is looking for an engineer to own the security of the application layers – both on the server and the client (Web, iOS, Android).
Can you think like an attacker and code like an engineer?
Wag! is looking for a passionate Application Security Engineer who is a seasoned penetration tester and source code reviewer. A true WhiteHat, this engineer must be able to demonstrate the real-world risk of vulnerabilities with proof-of-concept exploits and use these to educate developers and expedite remediation.
- Identify security issues, prioritize and then collaborate with the engineering teams to mitigate the vulnerabilities in the most effective manner using the least amount of resources (quick, clean and elegant solutions).
- Perform manual penetration tests and code reviews, as well as set up automated scanners and security tests in our CI/CD pipeline.
- Manage vulnerability reports from a variety of sources (pen tests, scanners, static code analysis, AWS auditing tools, etc.), assign priority and triage the mitigations through the engineering teams.
- Help implement a holistic Security Development Lifecycle (SDLC) to ultimately identify security issues before they go into production, integrate software security into daily development, educate developers, police PRs and embed security by design through architecture, threat modelling, audits, etc.
- Collaborate with the security team on our threat detection tools, both custom alerting tools and enterprise SIEM/IDS systems, to gain visibility into application layer attacks; as well as aid the team’s efforts in the areas of incident response and procedure.
- Help develop, manage, and enforce security related policies and procedures; support our internal and business-to-business Compliance program, practices and documentation.
- Develop secure coding guidelines and effectively train developers on those guidelines.
- Participate in the design and deployment of new architecture, software, services, etc.
- Evangelize good security habits and secure development practices.
- Hold a bachelor’s degree in Computer Science or related field; or equivalent post high school education and/or work-related experience.
- Five years’ experience working as a security engineer or penetration tester.
- Demonstrated knowledge of application security far beyond the OWASP Top 10.
- Experience in working with compliance and regulatory program requirements.
- You have certifications such as CISSP/SSCP, CEH, GIAC, etc.
- You are familiar with industry security compliance standards (e.g. PCI DSS, SOC 2 Type 2, HIPAA, NIST, SANS, CIS, GDPR, etc.) and have experience meeting their technical, procedural and documentation requirements.