Application Security Engineer

$64,700 - $131,300/Yr

Sirius XM Canada - Washington, DC

posted 3 months ago

Full-time - Mid Level
Washington, DC

About the position

SiriusXM is seeking an Application Security Engineer to join its security organization and support the technology objectives of the company. The ideal candidate will be passionate about identifying and solving security challenges, providing tools, guidance, and continuous support to ensure the security success of software and applications. This role is critical in building and documenting security features that enable developers to write secure code and facilitating the implementation and continual improvement of a secure Software Development Life Cycle (SDLC). The engineer will be responsible for creating secure tools that enable security by default, conducting regular audits and tests to identify risks, and prioritizing fixes to enhance the security posture of the organization.

In this position, the Application Security Engineer will drive the technical implementation of security solutions, providing necessary guidance and technical leadership to the engineering community at SiriusXM. The role involves developing and improving the Application Security capabilities by designing runbook procedures and expanding the scope of security tools. The engineer will also consult on systems development needs brought to the Application Security team by the business, write and design SDKs, container images, guardrails, and testing suites, and facilitate the adoption of security best practices among developers.

The engineer will participate in the design and implementation of applications, services, and infrastructure, ensuring that security and privacy design principles are adhered to through security reviews and threat modeling. Collaboration with a team to develop scripts and software for security automation and development needs is essential. The role also includes aiding in secure code reviews, developing documentation and training materials, and managing infrastructure to protect applications from vulnerabilities.

The engineer will triage, escalate, and remediate vulnerabilities found through various programs and work closely with product management and engineering teams to prioritize and address these issues. Additionally, the engineer will conduct root cause analysis of security findings to develop systematic improvements and participate in company-wide security efforts.

Responsibilities

  • Build and document security features to enable developers to write secure code.
  • Facilitate the implementation and continual improvement of a secure SDLC.
  • Create secure tools that enable security by default, conducting regular audits and tests to identify risks and prioritizing fixes.
  • Drive the technical implementation of security solutions by providing guidance and technical leadership to the engineering community.
  • Develop and improve Application Security capabilities by designing runbook procedures and expanding the scope of security tools.
  • Consult on systems development needs brought to the Application Security team by the business.
  • Write and design SDKs, container images, guardrails, and testing suites.
  • Design, implement, facilitate, and maintain tooling and frameworks for security best practices.
  • Participate in the design and implementation of applications, services, and infrastructure to ensure security principles are followed.
  • Develop scripts and software to address security automation and development needs.
  • Aid in secure code reviews focused on security bug reduction.
  • Develop documentation, training, and security baselines to inform and educate engineers on best practices.
  • Deploy, manage, and tune infrastructure to protect applications from vulnerabilities.
  • Triage, escalate, and remediate vulnerabilities found in various programs.
  • Work with product management to prioritize fixes for vulnerabilities and collaborate with engineering teams.
  • Conduct root cause analysis of security findings to develop systematic improvements.
  • Fix vulnerabilities and add security features to products/applications.
  • Participate in company-wide security efforts and incident response lifecycle.

Requirements

  • 3+ years of software development experience.
  • 2+ years of security (direct or adjacent) experience.
  • Proficient in at least one primary development language (preferably Python and Java/Scala).
  • Some experience with mobile application security preferred (Kotlin and Swift).
  • Experience with internal development for identity management, Cognito, OIDC, SAML, and SSO integration development.
  • Experience with AWS and/or GCP.
  • Experience calling REST and/or GraphQL APIs.
  • Experience administering application security tools such as SAST, SCA, DAST.
  • Knowledge of OWASP classifications and how to implement security checks for these vulnerabilities.
  • Ability to understand security code reviews.
  • Understanding of continuous integrations, testing, and delivery.
  • Ability to discover, document and fix security bugs.
  • Experience using Git and related development processes in a professional setting.
  • Knowledge of JIRA (Issue/bug tracking), Confluence.
  • Experience writing educational documentation or knowledge bases.
  • Security mindset, self-starter, and ability to operate independently.
  • Excellent oral/written presentation skills with the ability to teach and communicate effectively to developers and leadership.
  • Passionate about understanding complex systems.
  • Eager to learn, adapt, and improve work.

Nice-to-haves

  • Experience with mobile application security (Kotlin and Swift).
  • Experience with AWS and/or GCP.

Benefits

  • Competitive salary based on experience and qualifications.
  • Discretionary short-term and long-term incentives.
  • Equal opportunity employer with a commitment to diversity and inclusion.