Application Security Engineer II

Role Purpose: The Application Security Engineer will be a handson role responsible for delivering security engineering services to Jumios engineering teams and building secure systems and cloud infrastructure with our engineering teams and for executing initiatives on improving our security program.

Role Value: This role plays a vital part in our global Infosec function. It enables our business and customers to have more confidence in our systems our processes and our ability to manage the cyber threats we face by ensuring that we work in a secure cloud infrastructure.

Example Responsibilities

• Collaborate with Engineering and Infrastructure teams to identify and fill any security gaps in our SDLC cloud infrastructure and associated processes
• Integrate security into the Software/Infrastructure processes from initial threat modelling to decommissioning
• Perform manual penetration testing of Web/mobile applications and APIs
• Audit source code and perform code review for critical application changes
• Help teams in understanding security vulnerabilities and associated risk providing guidance in prioritizing and remediation efforts
• Identify critical security risks and drive mitigation with engineering teams
• Manage crossfunctional internal and external team collaboration and communications
• Deploy security services and tools through IaC and actively promote the culture of security as code
• Periodic security assessments and configuration review of cloud environments
• Build custom security solutions tooling and automation and lead security initiatives
• Build promote and scale DevSecOps across the company and enable integration of tools and practices as the teams transition to DevSecOps.

Experience and Qualifications

• 4 years of experience in a security engineering role either specialized in application security or cloud security or both with a working knowledge of the nonspecialized domain
• Strong familiarity with Linux operating systems and cloud ecosystems like Amazon AWS GCP including networking concepts and security services and patterns
• Understanding of core AWS Cloud Services (e.g. EC2 ECS Lambda RDS etc. architecture (e.g. WellArchitectured Framework) and micro services
• Experience in implementing secure IaC solutions
• Experience in containerbased architecture and deployments (Docker Kubernetes)
• Hands on experience in pen testing Web application and API
• Deep understanding of OWASP Top 10 and CWE 25
• Experience in using SAST DAST IAST SCA tools
• Experience in Threat Modeling

• Ability to communicate well present security threats and risks to engineering teams
• Selfmotivated; ability to work independently on new initiatives.

Great to have Experience and Qualifications

• Experience in pentesting mobile applications
• Experience in implementing secure infrastructure as code
• Experience with scripting languages such as Python
• Knowledge on CI/CD automation tools (AWS DevOps Github Actions Jenkins)
• Relevant security certifications such as CREST OSCP OSWE CEPT CMWAPT GPEN PentTest AWS Cloud Practitioner AWS Security Speciality or any AWS Associate level certification
• Bachelors degree or experience with Masters degree in Computer Science

Key Characteristics and Attitudes

• Passion for product security as a subject
• Ability to learn and adapt to changing technology landscape
• Desire to enable change and continuous growth

Jumio Values:

IDEAL: Integrity Diversity Empowerment Accountability Leading Innovation

Equal Opportunities:

Jumio is a collaboration of people with different ideas strengths interests and cultures. We welcome applications and colleagues from all backgrounds and of all statuses.

About Jumio:

Jumio is a B2B technology company dedicated to eradicating online identity fraud money laundering and other financial crimes to help make the internet safer. We leverage AI biometrics machine learning liveness detection and automation to create solutions that are trusted by leading brands worldwide and respected by industry thought leaders.

Jumio is the leading provider of online identity verification eKYC and AML solutions. With a global footprint were expanding the team to meet strong client demand across a range of industries including Financial Services Travel Sharing Economy Fintech Gaming and others.

Applicant Data Privacy

We will only use your personal information in connection with Jumios application recruitment and hiring processes as described in Jumios Applicant Privacy Notice. If you have any questions or comments please send an email to .