Four Winds Interactive is actively seeking an Application Security Engineer to help us implement and maintain best security practices in our SDLC, which includes, but is not limited to, "Privacy by Design" principles, SD3+C methodologies, threat modeling, auditing, security awareness training for engineering, and application vulnerability scanning. This is an incredible opportunity for someone with a strong background in application security principles to join a growing security team at FWI. An ideal candidate will have a background in Engineering/Development, be an excellent collaborator and a leader, and want to make a large impact in a global organization.
- Facilitate our secure SDLC which includes AVS scanning, SD3+C, and PD3+C methodologies, etc.
- Perform risk assessment of third-party software libraries and open-source software.
- Participate in cross-functional team meetings on security design and implementation.
- Perform threat modeling using DREAD and STRIDE.
- Ensure that software security complies with security frameworks, contractual commitments, and industry best practices.
- Own and perform application security vulnerability management using both static and dynamic scanning.
- Create and maintain documentation related to application security and processes.
- Develop detailed vulnerability reports for application owners and management teams.
- Collaborate with Product and Development on vulnerability remediation timelines.
- Determine validity of vulnerability findings from scanning tools and third-parties.
- Facilitate secure coding training for Software Engineers.
- Author and maintain security whitepapers for FWI products and services.
- 3-5 years of experience performing network and application security testing preferred.
- 2+ years working on security principles in software engineering with expert knowledge in Open Web Application Security Project (OWASP) security principles.
- Working knowledge of software and configuration vulnerabilities.
- Experienced in Network, Web, and Mobile device vulnerabilities.
- Familiarity with application and endpoint vulnerability scanners.
- Excellent organizational, analytical, verbal, and written communication skills are essential.
- Strong customer service skills to participate in application security discussions.
- Ability to run a variety of projects simultaneously and willingness to learn new tools and security testing methodologies in a team-oriented environment.
- Familiarity with common security libraries, security controls, and common security flaws.
Compensation Range: $100,000.00 to $120,000.00
About Four Winds Interactive
FWI is the leading enterprise software company transforming customer and employee experiences with omnichannel corporate communications, office space optimization, and digital signage applications. Over 6,000 customers rely on FWI to power applications used by millions of people per year including retail marketing, employee communications, room and desk management, conference and event management, flight information displays, campus communications, emergency messaging, and more. We are a values-driven organization that encourages our employees to be authentic every day and empowers everyone to make a tangible impact on our products, clients, and culture. Our employees are passionate about their work, and the impact it has, but they are also parents, skiers, comedians, runners, animal lovers, foodies and phenomenal human beings who appreciate our dedication to providing a healthy work/life balance.
We are a diverse team of talented people who want to make a difference, don't take ourselves too seriously, and are driven by our core values:
- Bring your best self
- See it
- Own it
- Crush it
- Be Gracious
We're proud to be one of Built In Colorado's top tech companies, and if our inclusive culture and core values speak to you, we'd love for you to join us.
Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, sexual orientation, gender identity, disability or protected veteran status.