Application Engineer

• Provide deep expertise and guidance on secure authentication mechanisms, session management, and complex access control models relevant to a multi-tenant SaaS platform.
• Partner closely with product managers and engineering teams to embed security requirements early in the product development lifecycle, balancing user experience (UX) with robust security.
• Address security challenges unique to a SaaS environment, including multi-tenancy isolation, secure API design principles, prevention of horizontal privilege escalation, and secure data handling.
• Conduct hands-on security testing of APIs using various tools (e.g., Burp Suite, Postman, custom scripts) to identify vulnerabilities and ensure secure communication and data exchange.
• Collaborate with engineering and product teams to integrate security requirements and best practices throughout the entire SDLC, from design to deployment.
• Conduct thorough security reviews of application architecture, design documents, and source code to identify and mitigate potential vulnerabilities.
• Design, implement, and maintain the integration of Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools into our CI/CD pipelines, and runtime protection (RASP) for web apps.
• Develop, automate, and enhance our vulnerability management processes, including triage, prioritization, and tracking of security findings across applications.
• Provide guidance, training, and tools to developers on secure coding principles, common vulnerabilities, and secure design patterns.
• Provide expert security consultation and guidance to development teams on secure coding practices, architectural patterns, and vulnerability remediation.
• Stay current with the latest security threats, industry best practices, and emerging technologies, advocating for their adoption to enhance our platform's security posture.

Product & Application Security Engineer

Specialized Applications Engineer

Application Engineer