Description
We are looking for an experienced and passionate Information Security team as a Senior Application Security Engineer. In this role, you'll connect security with development, guiding engineering teams to create secure applications by integrating security best practices into our Software Development Life Cycle (SDLC). Collaborate with R&D, DevOps, and Product teams to enhance Bright Data's security posture across large-scale distributed systems.
Responsibilities
- Drive the integration of security controls and best practices in the software development lifecycle.
- Lead secure product design, embedding security principles from the beginning stages.
- Conduct security code reviews and reduce vulnerabilities alongside R&D teams.
- Manage and optimize the Web Application Firewall (WAF) for threat protection.
- Collaborate on penetration test remediation, ensuring effective resolutions.
- Implement and enforce API security standards.
- Establish and maintain development guidelines for secure practices.
- Support and enhance the bug bounty program.
- Provide guidance and mentorship on secure coding and application security
Requirements
- 2+ years in application security, ideally within a Product/SaaS/Security company.
- Software development experience with strong programming knowledge, especially in JS and ideally PHP, TypeScript, Rust, C#, Python, React, Swift, or Java.
- Expertise in secure coding principles and common vulnerabilities (OWASP Top 10), and exploitation techniques.
- Experience with DAST/SAST tools and security integration in CI/CD pipelines.
- Strong understanding of AWS cloud security principles.
Preferred:
- Bachelor's in Computer Science, Information Security, or related field.
- Cyber security certifications.
- Experience with Kubernetes and container security.
- Familiarity with GitLab and CVS.
