Senior Application Security Engineer I

Product Overview

Outseer Fraud Manageris an advanced omnichannel fraud detection hub that provides riskbased multifactor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML based Risk Engine Outseer Fraud Manager is designed to measure the risk associated with a users login and postlogin activities by evaluating a variety of risk indicators. Using powerful machine learning and finegrained policy controls this antifraud hub only requires additional assurance such as outofband authentication and transaction signing for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most of the users ensuring a frictionless end user experience and high fraud detection rates.

What youll achieve:

As a Senior Application Security Engineer you will take ownership of securing our applications throughout the software development lifecycle and provide strategic guidance to ensure the highest level of security across our organization. With your expertise you will mentor and collaborate with crossfunctional teams drive the adoption of best practices and implement robust security measures to protect our critical assets data and customer information from security threats and vulnerabilities.

Essential Duties

• Drive the application security program establishing strategic goals objectives and initiatives to enhance the overall security posture of our applications.
• Conduct comprehensive application security assessments including manual penetration testing code reviews architecture reviews and vulnerability scanning to identify and mitigate risks and vulnerabilities.
• Provide technical leadership and guidance to development teams architects and stakeholders on secure coding practices security requirements and the integration of security controls into the software development lifecycle.
• Develop and maintain application security policies standards and guidelines to ensure compliance with regulatory requirements and industry best practices.
• Collaborate with development teams to perform threat modeling identify security design gaps and recommend appropriate security controls and countermeasures.
• Conduct security reviews of thirdparty applications and vendors to assess their security posture and ensure compliance with our security standards.
• Lead incident response efforts for application security incidents coordinating with crossfunctional teams to investigate contain and remediate security breaches or vulnerabilities.
• Stay up to date with emerging threats vulnerabilities and industry trends and provide recommendations for proactive security enhancements.
• Mentor and train junior members of the application security team providing guidance and knowledge transfer to develop their skills and expertise.
• Evaluate and recommend security tools technologies and frameworks to enhance application security capabilities and automate security processes.

Desired Requirements

• Bachelors degree in computer science Information Security or a related field or equivalent work experience.
• 8 years of professional experience working as an Application Security Engineer or in a similar role with a focus on securing web and mobile applications.
• Indepth knowledge of application security concepts including secure coding practices authentication and authorization mechanisms encryption and vulnerability assessment.
• Demonstrated experience conducting manual application penetration testing code reviews and vulnerability assessments.
• Strong understanding of web and mobile application frameworks languages and technologies (e.g. Java JavaScript Python).
• Proficiency in application security tools such as static code analysis (SAST) dynamic application security testing (DAST) and penetration testing frameworks.
• Expertise in cloud security concepts and practices particularly in cloudnative environments (e.g. AWS Azure GCP).
• Deep knowledge of web application security vulnerabilities (OWASP Top Ten) attack vectors and mitigation techniques.
• Strong scripting or programming skills for automation and tooling (e.g. Python Bash PowerShell).
• Professional certifications in application security (e.g. CSSLP GWAPT CISSP) are highly desirable.
• Administration of security tools such as: Anti DDoS WAF SAST and DAST.
• Secure software development lifecycle (SSDLC) and DevSecOps practices.
• Leader that can influence motivate and direct a workgroup to achieve results.
• Excellent communication skills both verbal and written.
• Project leadership with the ability to prioritize multiple assignments and / or deliverables.

Desired Behaviors

• Adaptability: Demonstrates flexibility and openness to change. Actively seeks and adopts improved approaches and processes.
• Proactive Action: Takes initiative and is driven by results. Takes ownership of actions and outcomes meeting commitments and striving for high performance.
• Effective Workload Management: Makes timely decisions prioritizes tasks effectively solves problems monitors results and takes corrective action when necessary.
• Technical Proficiency: Possesses a solid understanding of their role and responsibilities demonstrating competence in performing tasks and utilizing relevant technical skills.
• Continuous Learning: Takes personal responsibility for learning and development. Recognizes personal strengths and areas for improvement actively seeks feedback and embraces opportunities to learn.
• Effective Communication: Demonstrates strong facilitation and written communication skills. Clearly articulates ideas and proposals actively listens to colleagues perspectives and values diverse viewpoints.
• Collaboration: Shares information fosters teamwork and contributes to a positive work environment. Actively collaborates with others and encourages a sense of unity and cooperation among team members.
• Ethical Conduct and Competence: Acts with integrity and intent displaying ethical character in all actions. Takes accountability for ones own behavior and aligns actions with the companys values and principles.
• Good Citizenship: Represents the values and interests of Outseer. Acts as a positive ambassador for the company and contributes to the overall wellbeing and success of the organization.

Outseer is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Outseer are based on business needs job requirements and individual qualifications without regard to race color religion or belief national social or ethnic origin sex (including pregnancy) age physical mental or sensory disability HIV Status sexual orientation gender identity and/or expression marital civil union or domestic partnership status past or present military service family medical history or genetic information family or parental status or any other status protected by the laws or regulations in the locations where we operate. Outseer will not tolerate discrimination or harassment based on any of these characteristics. Outseer encourages applicants of all ages.

Required Experience:

Senior IC