IT

AppSec Lead

534071

תאריך עדכון

16/08/2021

תיאור המשרה

We are looking for the best and the brightest to join our family. We're proud of our industry-leading digital marketing and insights-to-activation platform software, but we're even prouder of the people behind it. That's where you come in!

Our work environment is very fast-paced and entrepreneurial. We work hard, play hard, and always do whatever it takes to delight our customers.

Application security (AppSec) is an integral part of our products’ security and our company’s reputation. 

Wiki definition: Application security encompasses measures taken to improve the security of an application often by finding, fixing, and preventing security vulnerabilities... at different stages of an application's lifecycle such as design, development, deployment, upgrade, maintenance.

The security of IT systems and infrastructure is owned by IT and DevOps, respectively. However, today there’s no clear owner for driving application-level security or guiding the teams on best practices to follow.

This document defines the role and responsibilities of an AppSec lead and the required skills for such a role.

The AppSec lead will work closely with development and DevOps teams to ensure our applications are secured.

Responsibilities

Application security backlog owner

Assess and set priorities for identified risks and vulnerabilities

Support application security reviews

Threat modeling

Application code (in-house) & dependencies (libraries, packages, etc.)

Authentication & authorization flows

Application configuration

Data privacy (encryption, anonymization)

Assess and push adoption of tooling & in-house solutions for addressing security threats.

Educate for secure development

Cultivate best practices

Organize training

Grow security champions in teams

Work closely with the company’s CISO to drive application security compliance

Report to the Platform group manager

Requirements

Requirements

Degree in Computer Science or equivalent.

4+ years of experience in application security roles in a medium-large organization.

2+ years of experience in a leadership role (architect, team lead, etc.).

Experience with OWASP, threat analysis & modeling, and security tools.

Excellent soft skills and professional communication skills, clearly articulating complex topics.

Development experience, preferably with Java & Python.

Advantage - experience with security best practices and solutions in AWS.

המשרה אוישה למשרות נוספות לחץ כאן
המשרה מיועדת לנשים ולגברים כאחד