Sirius XM Canada - Washington, DC
posted 3 months ago
SiriusXM is seeking an Application Security Engineer to join its security organization and support the technology objectives of the company. The ideal candidate will be passionate about identifying and solving security challenges, providing tools, guidance, and continuous support to ensure the security success of software and applications. This role is critical in building and documenting security features that enable developers to write secure code and facilitating the implementation and continual improvement of a secure Software Development Life Cycle (SDLC). The engineer will be responsible for creating secure tools that enable security by default, conducting regular audits and tests to identify risks, and prioritizing fixes to enhance the security posture of the organization. In this position, the Application Security Engineer will drive the technical implementation of security solutions, providing necessary guidance and technical leadership to the engineering community at SiriusXM. The role involves developing and improving the Application Security capabilities by designing runbook procedures and expanding the scope of security tools. The engineer will also consult on systems development needs brought to the Application Security team by the business, write and design SDKs, container images, guardrails, and testing suites, and facilitate the adoption of security best practices among developers. The engineer will participate in the design and implementation of applications, services, and infrastructure, ensuring that security and privacy design principles are adhered to through security reviews and threat modeling. Collaboration with a team to develop scripts and software for security automation and development needs is essential. The role also includes aiding in secure code reviews, developing documentation and training materials, and managing infrastructure to protect applications from vulnerabilities. The engineer will triage, escalate, and remediate vulnerabilities found through various programs and work closely with product management and engineering teams to prioritize and address these issues. Additionally, the engineer will conduct root cause analysis of security findings to develop systematic improvements and participate in company-wide security efforts.