Gatikposted 2 months ago
- Senior
Mountain View, CA
Publishing Industries
About the position
We're looking for a Senior Application Security Engineer who wants to work in a fast-paced, execution-oriented team. Gatik's Fleet Management Software team is responsible for the design, development, deployment & maintenance of various applications in our product suite that serve our customers and partners and provide seamless visibility into and interaction with our AV fleet that enables freight-only operations for unparalleled safety, efficiency, responsiveness, and reliability in middle-mile logistics. This role is onsite 5 days a week at our Mountain View, CA office!
Responsibilities
- Align Gatik's Software Development Life Cycle with security best practices: conducting security assessments
- Coordinate with developers on all aspects of SDLC through planning, feasibility analysis, design, development, testing to implementation and operations
- Conduct threat modeling, pen tests, code reviews and security reviews
- Conduct security assessment focused on Cloud infrastructure (AWS, Azure or GCP)
- Identify and Mitigate Vulnerabilities in the Application software and Cloud infrastructure
- Mature Gatik's processes, practices and toolset
- Improve, develop, and maintain security documentation
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities
- Provide product security guidance and architecture oversight, design reviews, and security feature roadmap collaboration
- Develop new security automation and tooling to improve our detection of application vulnerabilities, and to assist in the remediation of findings
- Conduct Dynamic and static analysis
Requirements
- Bachelor's Degree in Computer Science, Information Technology, Cyber Security, or related field of study
- 7+ years of industry experience in Application or Product security
- Strong expertise conducting DAST/SAST
- Strong understanding of web and mobile application security
- Strong knowledge of applied cryptography, TLS/SSL, web authentication protocols such as OAuth/SAML
- Strong knowledge of Cloud security architecture and automating security practices
- Experience securing applications built in Azure, AWS or GCP
- Strong knowledge of Containers and Orchestration technologies like Docker & Kubernetes
- Scripting experience in Python, Ruby, Javascript or Typescript
- Strong knowledge in security vulnerabilities, attack vectors, mitigation techniques, and best practices
- Strong knowledge of OWASP Top 10 vulnerability detection and mitigation
- Experience developing and operating cloud systems in Azure
