Application Security Lead

About AppDirect

Become a digital global citizen and enable the new generation of digital entrepreneurs around the world. AppDirect offers a subscription commerce platform to sell any product through any channel on any device - as a service. We power millions of subscriptions worldwide for organizations. We do this by our values-driven cultureone that enables you to Be Seen Be Yourself and Do Your Best Work.

About you

AppDirect is seeking a Lead Application Security Engineer to join our Global Application Security Team. As the Technical lead you will have the responsibility of ensuring the security and integrity of our SaaS platform. By collaborating with our talented Application Security and Engineering teams you will play a crucial role in enhancing and maintaining a security engineering culture within our organization. If you are a driven and collaborative individual with a deep understanding of application security principles and devsecops we invite you to join us at AppDirect and make a significant impact in securing our SaaS platform.

What youll do and how youll have an impact

• Implement and enforce secure code principles (e.g. OWASP TOP 10) across all AppDirect products.
• Identify security gaps and vulnerabilities through SAST DAST SCA penetration testing code review.
• Participate in design and architecture reviews to provide security guidance and recommendations and help shift left the security activities at AppDirect.
• Conduct security reviews and code audits to identify vulnerabilities propose remediation strategies and work with Engineering teams to lower the risk.
• Ensure end-to-end security of AppDirect Marketplace by hands-on testing hypothesizing threats helping development teams remediating risks upfront and championing secure implementation efforts
• Evaluate and secure the CI/CD pipeline to ensure the safe and reliable delivery of products.
• Develop and deliver training programs to promote security awareness among developers and engineers.
• Work closely with Developers and Pipeline team to best secure the code and the tools used to deliver the product.
• Write Policies Standards Processes Guidelines and help answering customer questionnaires.

What were looking for

• At least 5 years of professional hands-on experience in application security
• Strong understanding of secure coding practices and knowledge of industry-standard frameworks such as OWASP TOP 10.
• Knowledge and experience working with one or more SAST DAST IAST SCA and Fuzz testing tools;
• Experience with containerization technologies (e.g. Docker Kubernetes) and securing containerized applications.
• Experience with CI/CD tools and pipelines (e.g. Jenkins ArgoWorflows etc.) and securing the delivery process.
• A strong foundation of security architecture protocols vulnerabilities and countermeasures.
• Experience working with development engineering and architecture teams to ensure security best practices are followed.
• Experience with one or more programming languages and Frameworks including but not limited to: Java JavaScript React NodeJS Python.
• Strong analytical and problem-solving skills with the ability to think outside the box and quickly adapt to new technologies.
• Ability to communicate effectively utilizing critical thinking skills the ability to learn new concepts and problem-solving as they arise.
• Self-motivated; able to work independently and aiming to lead a world wide team.
  
  

At AppDirect we believe that innovation thrives in an environment that houses diversity of excellence experience and thought. We respect each AppDirector as their own fingerprint; unique with no one alike. We foster an environment of inclusion without regard to race religion age sexual orientation or gender identity enabling AppDirectors to embrace their uniqueness to do their best work. As such we strongly encourage applications from Indigenous peoples racialized people people with disabilities people from gender and sexually diverse communities and/or people with intersectional identities.

At AppDirect we take privacy very seriously. For more information about our use and handling of personal data from job applicants please read our Candidate Privacy Policy. For more information of our general privacy practices please see AppDirect Privacy Notice: