Application Security Engineer
Application Security Engineer
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
At Arctic Wolf were not just navigating the cybersecurity landscape - were redefining it. Our global team of dedicated Pack members is driving innovation and setting new industry standards every day. Our impact speaks for itself: weve earned recognition on theForbes Cloud 100 CNBC Disruptor 50 Fortune Future 50 and Fortune Cyber 60lists and we recently took home the2024 CRN Products of the Yearaward. Were proud to be named a Leader in the IDC MarketScape for Worldwide Managed Detection and Response Services and earning a Customers Choice distinction from Gartner Peer Insights. Our Aurora Platform also received CRNs Products of the Year award in the inaugural Security Operations Platform category. Join a company thats not only leading but also shaping the future of security operations.
Our mission is simple: End Cyber Risk. Were looking for a Application Security Engineer to be part of making this happen.
Position Overview and Objective
The Application Security Engineer role is responsible for the implementation of measures to ensure the security of Arctic Wolf software systems applications code and related components.
This role will work within our Information Security Engineering team to deploy and operationalise technical security capabilities with open collaboration with the Research and Development Team.
Primary Responsibilities and Duties
Understanding of secure coding & secure design principles
Work with teams to help them adopt secure coding.
Train developers architects code reviewers and others on secure coding practices
Serve as the subject matter expert for Application Security providing guidance to
Engineering and Product teams. You will be the bridge between AppSec & Engineering
teams.
Develop standards and training for security testing tools focused on the application layer
(e.g. SAST DAST IAST SCA) and Threat modeling
A solid understanding on Data Flow Diagrams (DFD) where you will provide guidance
to teams on calling out right data flows in a DFD.
Ability to build Threat models from DFD and mapping it to threats via STRIDE or any
threat model frameworks.
Ability to read a CVE scoring understand the vulnerability and should have the ability to
guide teams on vulnerability severity assessments.
Work with development teams throughout the entire SDLC to ensure code is secure by
design secure by default secure in deployment and communication
Help software development teams to understand and remediate security findings within
prescribed timelines.
Research and review any reported or suspected application vulnerabilities from third
party library and source code.
Create technical approaches to implementing application security control technologies.
Perform risk assessments of identified vulnerabilities and mitigations.
Contribute to a world-class security program that supports Arctic Wolfs tremendous
growth.
Mentors and coaches team members to further develop competencies.
The ability to effectively partner and communicate with Engineering and Product teams
Key Skills
- Communication Threat modeling Code Review Penetration Testing Application Testing Research Secure Coding Cloud Technologies Containerization Technologies
- Able to write clearly and succinctly in a variety of communication settings and styles; can get messages across that have the desired effect.
- Uses rigorous logic and methods to solve difficult problems with effective solutions; probes all fruitful sources for answers; can see hidden problems; isexcellent at honest analysis; looks beyond the obvious and doesnt stop at the first answers.
- Comes up with a lot of new and unique ideas; easily makes connections among previously unrelated notions; tends to be seen as original and value-added in brainstorming settings.
Minimum Qualifications
- A bachelors degree in computer science Information Systems Engineering cybersecurity or related technical field; or equivalent experience.
- 3- 5 years of experience in software development within a large organization preferablein a SaaS environment. OR
- A thorough understanding of modern software development practices.
- Thorough understanding of OWASP Top 10 vulnerabilities/ SANS top 25 and corresponding best practices for mitigation.
- Experience in application security technologies such as SAST DAST IAST SCA etc.
- Solid SAST DAST and SCA report reading skills which should translate to mitigations of detections. The candidate must be able to analyze
Preferred Qualifications
- 3 years of experience in security or infrastructure engineering Including assessing an escalating to vendors for troubleshooting purposes.
- Familiarity with SAST & DAST (Running scans to reading reports). Integration of the tools to a CI/CD pipeline calls for some bonus points.
- Familiarity with containerization technologies such as Docker and/or Kubernetes is a huge plus.
- Significant prior experience securing large-scale web applications including performing security code reviews vulnerability assessments and manual testing for logic flaws.
- One or more Industry Certifications (GPEN GWAPT CEH OSCP etc.) is a plus.
At Arctic Wolf we foster a collaborative and inclusive work environment that thrives on diversity of thought background and culture. This is reflected in our multiple awards including Top Workplace USA (2021-2024) Best Places to Work USA (2021-2024) Great Place to Work Canada (2021-2024) Great Place to Work UK (2024) and Kununu Top Company Germany (2024). Our commitment to bold growth and shaping the future of security operations is matched by our dedication to customer satisfaction with over 7000 customers worldwide and more than 2000 channel partners globally. As we continue to expand globally and enhance our technology Arctic Wolf remains the most trusted name in the industry.
Our Values
Arctic Wolf recognizes that success comes from delighting our customers so we work together to ensure that happens every day. We believe in diversity and inclusion and truly value the unique qualities and unique perspectives all employees bring to the organization. And we appreciate thatby protecting peoples and organizations sensitive data and seeking to end cyber risk we get to work in an industry that is fundamental to the greater good.
We celebrate unique perspectives by creating a platform for all voices to be heard through our Pack Unity program. We encourage all employees to join or create a new alliance. See more about our Pack Unity here.
We also believe and practice corporate responsibility and have recently joined the Pledge 1% Movement ensuring that we continue to give back to our community. We know that through our mission to End Cyber Risk we will continue to engage and give back to our communities.
All wolves receive compelling compensation and benefits packages including:
Equity for all employees
Flexible annual leave paid holidays and volunteer days
Training and career development programs
Comprehensive private benefits plan including medical insurance for you and your family life insurance (3x compensation) and personal accident insurance.
Fertility support and paid parental leave
Arctic Wolf is an Equal Opportunity Employer and considers applicants for employment without regard to race color religion sex orientation national origin age disability genetics or any other basis forbidden under federal provincial or local law. Arctic Wolf is committed to fostering a welcoming accessible respectful and inclusive environment ensuring equal access and participation for people with disabilities. As such we strive to make our entireemployeeexperience as accessible as possible and provideaccommodationsas required for candidates and employees with disabilities and/or other specific needs where possible. Please let us know if you require any accommodations by emailing
Security Requirements
Conducts duties and responsibilities in accordance with AWs Information Security policies standards processes and controls to protect the confidentiality integrity and availability of AW business information assets.
Must pass a criminal background check and an employment verification as a condition of employment.
Employment Type
Full-Time
