Cars Commerce

Senior Application Security Engineer

full-time

Location Type: Remote

Location: Remote • 🇺🇸 United States


Salary

💰 $154,200 - $192,750 per year

Job Level

Senior

Tech Stack

AWS, Cloud, GraphQL, Java, JavaScript, Node.js, Python, Ruby, Ruby on Rails, SDLC, SQL

About the role

  • Inventory all code developed internally.
  • Identify which are production, internal test, or other internal/external/corp type. Tag all production code with code: production inside Snyk.
  • Focus on ensuring all production codebases are using Snyk pipeline toll gates / help implement them.
  • Design, drive and implement V2 roadmap for Snyk (Optimization) and engage in program maturity.
  • Tool Management and Integration: Oversee and manage existing SDLC security tools (e.g., SAST, DAST, SCA) and integrate them effectively into the development workflow.
  • Developer Education: Develop and lead educational programs on secure coding practices, vulnerability mitigation, and emerging security threats.
  • “Paved Roads” for Security: Create secure coding libraries, frameworks, and standardized processes that developers can adopt seamlessly.
  • Vulnerability Remediation Support: Provide developers with a resource for addressing vulnerabilities, guiding them in applying secure coding practices.
  • Cloud Security Expertise: Apply cloud-native security principles, ensuring that our applications follow best practices for securing cloud-based infrastructure.

Requirements

  • 10+ years of application security experience, including hands-on experience with SDLC security tools and secure development practices.
  • Proven development background (e.g., in Java, Python, or JavaScript) to effectively collaborate with engineering teams and create practical security solutions.
  • Experience building security training programs and documentation to upskill developers.
  • Familiarity with cloud-based security architecture and principles, particularly with AWS or other major cloud providers.
  • Current certifications such as ISC2 Certified Software Security Lifecycle Professional (CSSLP), ISC2 Certified Information Security Professional (CISSP), or GIAC Certified Incident Handler (GCIH).
  • Proficiency in DevSecOps application security testing controls and methods, including Run-time Application Self-Protection, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis and Software Bill of Materials (SCA and SBOM), Threat Modeling, and penetration testing.
  • Working knowledge of various scripting and programming languages such as Python, Ruby, Java, JavaScript, and SQL, including web application frameworks such as Ruby on Rails, run-time environments such as NodeJS, and API query languages such as GraphQL.
  • Bachelor’s degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline.
  • Demonstrated excellent interpersonal skills, ability to interface effectively with all levels of employees/management, excellent verbal and written communication skills, and excellent organizational skills.

Benefits

  • Medical, Dental & Vision Healthcare Plans
  • New Hire Stipend for Home Office Set-Up
  • Generous PTO
  • Refuel - a service-based recognition program where employees receive additional paid time away to learn, grow and reset
  • Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills
application security, SDLC security tools, secure development practices, Java, Python, JavaScript, DevSecOps, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis (SCA)
Soft skills
interpersonal skills, verbal communication, written communication, organizational skills, leadership, educational program development, collaboration, guidance, vulnerability mitigation, program maturity
Certifications
ISC2 Certified Software Security Lifecycle Professional (CSSLP), ISC2 Certified Information Security Professional (CISSP), GIAC Certified Incident Handler (GCIH)