Application Security Engineer - (Remote, US)
DISQO is changing the way that the world’s largest brands, agencies and consumer intelligence companies get to know their consumers. We’ve built the first identity-based platform that combines consumer attitudes and behaviors together to power the most accurate and predictive insights solutions for our customers, and we do all of that with the willing participation of our consumers and without using outdated technologies like third-party cookies. We help our customers get a cross-platform view into consumer sentiment, measure advertising effectiveness, analyze consumer purchase journeys, and ultimately grow their brands.
Our mission at DISQO is to engage people to share their opinions and behaviors openly to help our customers make the right decisions. With over one million active members sharing their attitudes and behaviors, DISQO is looking to expand, improve and create world-class applications for people to openly share their data for research.
Check out the DISQO Developer Blog for the latest from our DISQOTECH team.
DISQO is a platform-as-a-service (PaaS) that powers brand decisions with breakthrough insights on consumer experience. People experience brands in different ways. DISQO’s platform allows you to understand what people think and do throughout the entire brand experience.
DISQO is searching for an Application Security Engineer within our DISQO Information Security organization to help build a world-class security program that enables a world where people trust in sharing information to improve the human experience. We are seeking an application security engineer who is passionate about protecting critical applications and APIs.
What you will do:
- You will collaborate with engineering leaders, developers, quality engineers, and security teams to secure DISQO’s applications and services. Responsibilities include assessing the risk landscape for products and helping drive risk mitigation. You will work with partner teams on security tools, penetration testing, and security testing methodologies to keep DISQO services secured.
- You will experience a rapidly evolving technology and threat landscape and contribute to the education of teams on compliance activities throughout the development lifecycle. You should expect to be exposed to a broad range of systems, including web applications, big data, distributed processing, and virtualized environments.
What you bring to the table:
- Passionate about Application Security with 5+ years of relevant experience
- Deep understanding of web application security threats, vulnerabilities, exploits, and prevention (SQL Injection, XSS, CSRF, platform hardening, etc.)
- Ability to triage, reproduce, and recommend remediations for vulnerabilities
- Proficient with a scripting language (e.g., Python, Bash, Go).
- Proficiency with Java and JavaScript
- Experience in penetration testing and with tools such as Burp or ZAP
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Experienced in Threat modeling (STRIDE, MITRE)
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of tools including static code analysis and dynamic application scanning (e.g. SonarQube, Qualys, JFrog)
- Knowledge of test automation frameworks
- Performing security/penetration testing on new applications, products, and features before they are released
- Knowledge of networking concepts (firewalls, load balancers, etc.)
- Prior experience/background in web application development
- Practical knowledge of cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Experience securing applications in the public cloud, preferably AWS
- Excellent communication, interpersonal and collaboration skills
- Working with developers to provide security guidance and mentor them on secure development practices
- Developing tools and exploits to support security testing
- Writing automation to streamline common tasks, tests, workflows, etc.
- Perform threat modeling
- Training and mentoring DevOps teams on application security best practices
- puter Engineering, or equivalent
- Servant Leader and Agile DNA
- Relevant BA/BS degree and/or certifications (CRISC, CISSP, CISM, CISA, CCSP, CSSLP) or equivalent experience.
Perks & Benefits:
- 100% covered Medical/Dental/Vision for employee, 80% for dependents
- Equity
- Unlimited Vacation
- Flexible work hours
- Catered lunches 3x a week
- Stocked pantry
- Happy Hours
- Onsite Fitness Program
- Discounted Gym Membership
- Quarterly Offsites
- 401K
- Life Insurance
- FSA
- Paid Maternity/Paternity leave
- Disability Insurance
- Travel Assistance Program
- 24/7 Counseling Services offered to employees
DISQO is an equal opportunity employer. Discovery, innovation, and growth are possible when we open ourselves to new possibilities, perspectives, and approaches. That’s why, at DISQO, we welcome, support, and empower individuals from diverse backgrounds. Exceptional teams are rooted in extraordinary people, each with a unique story and a compelling set of skills. DISQO does not discriminate against employees based on race, color, religion, sex, national origin, gender identity or expression, age, disability, pregnancy (including childbirth, breastfeeding, or related medical condition), genetic information, protected military or veteran status, sexual orientation, or any other characteristic protected by applicable federal, state or local laws.
*Recruiting firms that submit resumes to DISQO without first entering into a written contract will not be entitled to any compensation on candidates referred by that firm.