Overview
Four Winds Interactive is actively seeking an Application Security Engineer to help us implement and maintain best security practices in our SDLC, which includes but is not limited to, "Privacy by Design" principles, SD3+C methodologies, threat modeling, auditing, security awareness training for engineering, and application vulnerability scanning. This is an incredible opportunity for someone with a strong background in application security principles, to join a growing security team at FWI. An ideal candidate will have a background in Engineering/Development, be an excellent collaborator, a leader, and want to make a large impact in a global organization.
Responsibilities

• Facilitate our secure SDLC which includes AVS scanning, SD3+C, and PD3+C methodologies, etc.
• Perform risk assessment of third-party software libraries and open-source software.
• Participate in cross-functional team meetings on security design and implementation.
• Perform threat modeling using DREAD and STRIDE.
• Ensure that software security complies with security frameworks, contractual commitments, and industry best practices.
• Own and perform application security vulnerability management using both static and dynamic scanning.
• Create and maintain documentation related to application security and processes.
• Develop detailed vulnerability reports for application owners and management teams.
• Collaborate with Product and Development on vulnerability remediation timelines
• Determine validity of vulnerability findings from scanning tools and third-parties.
• Facilitate secure coding training for Software Engineers.
• Author and maintain security whitepapers for FWI products and services

Qualifications

• 3-5 years of experience performing network and application security testing preferred.
• Experience in software engineering working in .NET, JavaScript, React, HTML, AWS, Azure, Micro Services, and AWS-based lambda.
• 2+ years working on security principles in software engineering with expert knowledge in Open Web Application Security Project (OWASP) security principles.
• Working knowledge of software and configuration vulnerabilities.
• Experienced in Network, Web, and Mobile device vulnerabilities
• Familiarity with application and endpoint vulnerability scanners.
• Excellent organizational, analytical, verbal, and written communication skills are essential.
• Strong customer service skills to participate in application security discussions.
• Ability to run a variety of projects simultaneously and willingness to learn new tools and security testing methodologies in a team-oriented environment.
• Familiarity with common security libraries, security controls, and common security flaws.

Compensation Range: $100,000.00 to 120,000.00
About Four Winds Interactive
FWI is the leading enterprise software company transforming customer and employee experiences with omnichannel corporate communications, office space optimization, and digital signage applications. Over 6,000 customers rely on FWI to power applications used by millions of people per year including retail marketing, employee communications, room and desk management, conference and event management, flight information displays, campus communications, emergency messaging, and more. We are a values-driven organization that encourages our employees to be authentic every day and empowers everyone to make a tangible impact on our products, clients, and culture. Our employees are passionate about their work-and the impact it has-but they are also parents, skiers, comedians, runners, animal lovers, foodies and phenomenal human beings who appreciate our dedication to providing a healthy work/life balance.
We are a diverse team of talented people who want to make a difference, don't take ourselves too seriously, and are driven by our core values:

• Bring your best self
• See it
• Own it
• Crush it
• Be Gracious

We're proud to be one of Built In Colorado's top tech companies , and if our inclusive culture and core values speak to you, we'd love for you to join us.
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.
US Benefits Overview
We disclose your personal information to our private equity sponsor, Vista Equity Partners, and its affiliates, including Vista Consulting Group (collectively, "Vista"), for administration, research, database development, workforce analytics and business operation purposes, in line with the terms of this Privacy Policy. Vista processes and shares your personal information with its affiliates, including other Vista portfolio companies, on the basis of its legitimate interests in managing, administering and improving its business and overseeing the recruitment process and, if applicable, your employment relationship with Four Winds Interactive LLC. If you have consented to us doing so, we also share your personal information with other Vista portfolio companies for the purpose of being considered for other job opportunities in the pooling system, both inside and outside the EEA. Please find a full list of all Vista portfolio companies at: https://www.vistaequitypartners.com/companies/ and Vista's privacy policy at https://www.vistaequitypartners.com/privacy/ . Where this requires us to transfer your personal information outside of the EEA, please refer to the FWI Privacy Policy for further details on cross-border transfers. In connection with the recruitment process, your personal data may be transferred outside of the EEA to iCIMS and/or Greenhouse, Hirebridge, LLC and Criteria Corp., which provide applicant tracking and evaluation services. Hirebridge, LLC and Criteria Corp. have agreed to comply with the EU Standard Contractual Clauses to ensure that your personal information is adequately protected whilst outside of the EEA.