Upbound Group - Draper, UT

posted about 2 months ago

Full-time - Mid Level
Draper, UT
1,001-5,000 employees
Professional, Scientific, and Technical Services

About the position

As a Senior Application Security Engineer for Upbound Group, you will play a crucial role in supporting various processes and procedures related to application security. Your primary responsibility will be to gather information from product engineering teams and promote a culture of security within the engineering organization. You will collaborate closely with engineers to produce more secure applications and ensure that security processes and procedures are operating efficiently and effectively. This role involves not only supporting developers in their efforts to secure applications but also assisting in the documentation and tracking of various application security and cloud initiatives.

In this position, you will work collaboratively with engineers, consultants, and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC). You will be responsible for building automated code scanning tools to identify security vulnerabilities in both application and infrastructure code, utilizing both open-source and commercial tools. Integrating these tools with the CI/CD pipeline will be a key aspect of your role, enabling secure-by-default best practices by developing libraries and frameworks to prevent future vulnerabilities. You will operate at an enterprise scale by building and managing tools that help test, monitor, and improve application security. Additionally, you will develop security standards, preferred implementation patterns, secure common frameworks, and create developer documentation and educational materials. Providing secure developer training to software engineers on how to write secure code and follow best practices will also be part of your responsibilities. Conducting web application penetration testing, code scanning, and dependency scanning that can be incorporated into the SDLC process and CI/CD pipeline will be essential to your role.

You will work closely with the development team to provide guidance and mitigate security vulnerabilities, perform security architecture and design reviews of all systems and applications developed at Acima, and take a leadership role in the development, implementation, and maintenance of consistent application and infrastructure architecture security programs.

Responsibilities

  • Collaborate with engineers, consultants, and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC)
  • Build automated code scanning tools to identify security vulnerabilities in application code and infrastructure code using both open source and commercial tools
  • Integrate open-source and/or commercial static application code scanning tools with the CI/CD pipeline
  • Enable secure-by-default best practices by developing libraries and frameworks to prevent future vulnerabilities
  • Operate at enterprise scale by building and managing tools that help test, monitor, and improve application security
  • Develop security standards, preferred implementation patterns, secure common frameworks, and developer documentation and educational materials
  • Provide secure developer training to software engineers on how to write secure code and follow best practices
  • Conduct web app penetration testing, code scanning, and dependency scanning that can be incorporated into the SDLC process and CI/CD pipeline
  • Work closely with the development team to provide guidance and mitigate security vulnerabilities
  • Perform security architecture and design reviews of all systems and applications developed at Acima
  • Provide a leadership role in the development, implementation and maintenance of consistent application and infrastructure architecture security programs

Requirements

  • 3+ years of experience working in an application security role
  • Background in web application development and/or code auditing with the ability to analyze code for security issues
  • Experience with static and dynamic code analyzers
  • Experience with software composition analysis tools
  • Skills in web application penetration testing and source code vulnerability analysis
  • Extensive knowledge of internet security issues, cloud architectures, and threat landscape
  • General understanding of application and cloud security threats and vulnerabilities, including the OWASP Top 10 and SANS Top 25
  • Professional security certification: CISSP, GIAC, GWEB, GWAP or other similar credentials
  • Experience with BurpSuite, Zed Attack Proxy (ZAP), or similar dynamic testing tool
  • Knowledge of current development practices, including containerized applications, microservice architectures, serverless architectures, native mobile applications, responsive web applications

Nice-to-haves

  • Knowledge of current development practices, including containerized applications, microservice architectures, serverless architectures, native mobile applications, responsive web applications

Benefits

  • DTO (discretionary time off)
  • Medical insurance with United Healthcare (IHC network)
  • Health Savings Account (HSA) with company contribution
  • Dental insurance (Cigna) and Vision insurance (United Healthcare)
  • Paid holidays
  • 401K match 6%/3%
  • Free Dev lunches every Friday for locals
  • Fully stocked snack bar with beverages
  • Onsite gym and bike locker
  • College tuition reimbursement program (STEM)
  • Free car charging