Principal Application Security Engineer
As a Principal Application Security Engineer you’ll join the team of Security Engineers working to ensure we build and maintain secure software that is used by millions of users around the globe. You have a hacker mindset and always strive to think like an attacker.
What you'll do
Your core responsibility is to ensure the delivery of secure software. You are the go-to person for security, internally as well as for our clients. Leveraging your technical expertise and leadership, you drive the secure SDLC with its tools and processes. You ensure application security requirements are part of product development. You have expert understanding of application security and application security vulnerabilities and provide guidance to other team members. You provide architecture design reviews as well as source code reviews.You are responsible for Architectural Risk Analysis of the core products and lead the threat modeling activities. You provide training to developers and QA engineers on application security.
You research new tools and take the initiative in improving the ways of working. You play a key role in selecting candidates for the security team as well as onboarding and mentoring new hires.
You will work closely with the customer success development teams who customise and extend the Backbase product for our clients. You thrive working with colleagues from multiple cultures. You mentor new team members and act as the go-to person for security in your area.
Who you are
● 5+ years of experience in application security;
● Bachelor's degree in Computer Science, Information Security, Cyber Security or equivalent;
● English language on a professional level, written and spoken;
● One or more security certifications such as CSSLP, CISSP, OSCP, GWEB;
● Expert understanding of application security;
● Deep understanding of frontend, backend and mobile security domains and you master one of them;
● Expert understanding of security in the SDLC and SAST/SCA/DAST tools;
● Expert understanding of pen testing web applications and mobile applications;
● Drive application security requirements in the product;
● Define security verification strategy for web applications and mobile apps;
● Ability to lead Architecture Risk Analysis and threat modelling;
● Expert understanding of DevOps and Agile product development;
● Deep understanding of relevant regulations such as GDPR and PCI-DSS;
● Deep understanding of cloud-native technologies such as Kubernetes.
Loud and busy sometimes but always friendly, helpful, and super fun. We love to celebrate each other’s achievements, share jokes, and our love for food, movies, traveling, and sports. We’re one big and diverse family working towards the same goal.
Free, healthy lunches every day. Plus snacks and drinks.
Friday parties every month. Office boat you can use with your team.
Discounted gym membership through our corporate fitness plan.
Specific budget for your personal development.
You can wear clothes you feel comfortable in.
High spec equipment
We provide all employees with high-spec Macs and tech set up.