Application Security Engineer

Vacancy details
Information Security
Security Engineer
Middle
Bulgaria, 
Croatia, 
Poland, 
Portugal, 
Spain, 
Ukraine
Remote

Application Security engineers are working with product teams to help deliver secure products. As shift-left evangelists, we want to focus on pre-code activities in product planning and development. This includes reviewing early-stage designs, developing threat models, preparing security requirements, and scaling impact by curating security patterns, guidance, and training.

This is a proactive role, and we are looking for passionate people who will help us build end-to-end security in close collaboration with DevSecOps, Architecture, and Engineering chapters and product teams.

What project we have for you

Our client is an innovative global company from the Fortune 500. Consumer Goods Producer and Retailer with headquarters in Switzerland that sells its products in 130 countries. Intellias mission is to support its strategy and efforts in the Digital and eCommerce space. 
A newly conceptualized Digital Eco System is comprised of a set of capabilities including an online shop & website, linking online & offline, customization & personalization, engagement & membership, digital products & services. 

What you will do

  • You will be the primary security engineer for software products and act as the point of contact for engineering and security.   
  • Prepare security requirements based on company policies and best industry security standards.  
  • Design, build and review security-related services and functions of cloud web applications and mobile services.   
  • Implement best security practices in Cloud Platforms (Azure).  
  • Validate vulnerabilities from SCA, SAST, IAST/DAST, and image scanning solutions, and coordinate remediation.  
  • Conduct product security threat and risk assessments for software products regularly (OWASP Threat Dragon or similar tool).   
  • Classify data and applications based on business risk. Establish a simple classification system to represent risk-tiers for applications.   
  • Collaborate with product & development managers to assess and prioritize security-related tasks in the development backlog.   
  • Improve and adopt security best practices in testing, automation, and continuous integration pipelines.

What you need for this

Requirements:

  • 1+ years of solid knowledge of cloud and container security, including peculiarity of cloud security-related services and web/mobile applications.  
  • 2+ years of solid knowledge of the Secure SDLC approach. Ability to describe goals, steps, processes, etc.  
  • Strong understanding of fundamental network security principles, including knowledge of popular protocols, OSI model layers, and related concepts. 
  • Experience in Cloud Platforms (preferably Azure).  
  • Demonstrated experience in verifying results from SCA, SAST, IAST/DAST, and image scanning solutions (knowledge of OWASP Top 10 and OWASP API Top 10) 
  • Scripting/coding with Python and Bash.  
  • Proficiency in communicating over a text-based medium (MS Teams, Jira/Confluence, Email) and ability to concisely document technical details.   
  • Excellent interpersonal and verbal communication skills.   

Will be a plus:

  • Azure Certifications (AZ-500, SC-100) 
  • Related technical experience in Product Security Architecture or Engineering.   
  • Collaborations with SOC teams.  

What it’s like to work at Intellias

This is excellent opportunity to deep dive into best application security practices within huge and dynamic digital cloud based ecosystem!

At Intellias, we are committed to being an equal opportunity employer, fostering equity, diversity, and inclusion. We welcome and celebrate the differences of all qualified applicants. Join Intellias for a career where your unique perspectives are not only valued but crucial to our success.

Skills

Azure
Secure_SDLC
Security

Have not found the most
suitable position
yet?

Leave your resume and we will select a cool option for you.
Good news!
Link copied
Good news!
You did it.
Bad news!
Something went wrong. Please try again.