Staff Application Security Engineer
To see similar active jobs please follow this link: Remote Development jobs
Job Description:
As an Staff Application Security Engineer at EDB you will report directly to the Director of Information Risk Management as a trusted member of the CISO staff. Your role leads the transformation of the security and development processes within EDB, helping the organization identify, repair and protect against vulnerabilities throughout a secure software development lifecycle (SDLC). You are responsible for understanding multiple security frameworks, translating objectives, partnering with stakeholders and promoting best practices across all EDB products. The ideal candidate must be comfortable working in a global environment that supports flexible work schedules, and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just needing a change of pace this role is for you! What your impact will be:
Support the development and implementation of EDB’s application security services to be consumed by product teams and within our global infrastructure.
Serve as an expert on application security frameworks and objectives by assisting owners as they define new control activities and seek maturity in their development processes
Build tools, processes and solutions that improve the security of EDB’s products and data
Collaborate with internal engineering stakeholders on addressing systemic security issues
Grow and mature relationships with internal security SMEsin a way that bridges the gap between product teams and information security
Support Vulnerability Disclosure Program, triage, assess and analyze vulnerability reports submitted through the VDP, prioritizing them based on severity, risk, and exploitability.
Coordinate vulnerability remediation, Work with internal development teams to reproduce, validate, and prioritize vulnerabilities. Facilitate timely patch development and deployment, ensuring efficient resolution.
Produce application security metrics that demonstrate a continually improving application security posture
Partner with InfoSec Program Management on the roadmap and execution of security initiatives.
Support and manage EDB’s Vulnerability Disclosure program
Proficiency with threat modeling frameworks such as STRIDE, DREAD, PASTA, or OCTAVE.
Experience with threat modeling tools, especially the process of selecting and implementing a new tool to partner with a new threat modeling process.
Experience with Open Source Software (OSS) including familiarity with various open source licenses like MIT, GPL, Apache etc.
Experience with implementation of security best practices related to securing the software supply chain, including patch management, vulnerability scanning, package management and tooling.
What you will bring:
Extensive experience working with developers and driving application security standards
Experience securing CI/CD pipelines enabling strong security controls through the implementation of commercial and custom built tooling
Conduct application design reviews and support the development of compensating security solutions
Drive the integration of secure development standards, tools, and processes into the development lifecycle
Experience in threat modeling frameworks and processes
Experience performing code audits on internal and open source libraries
Experience with DAST, SAST, SCA as well as manual testing techniques
Ability to demonstrate strategic thinking beyond the specific responsibilities of the role
Effective communication skills with the ability to translate technical concerns into business risk impacts
Personal management of multiple projects, security events and incidents as required for the role
Seek to understand, lead with a collaboration first approach
Experience assessing technical footprints found within on-prem and cloud environments
Strong experience in NIST 800-218 SSDF, BSIMM, Owasp SAMM, or similar frameworks
What will give you an edge:
RedTeam knowledge and experience
Experience performing security code reviews
Experience with IaaS cloud infrastructure, Infrastructure as code, kubernetes container technologies, and software-oriented architecture
Knowledge of the MITRE ATT&CK Framework and attack chains
Experience building and operating security tools in Multiple Operating Systems and various languages (C, Go, JavaScript, Python, Ruby, etc)
About the job
Staff Application Security Engineer
To see similar active jobs please follow this link: Remote Development jobs
Job Description:
As an Staff Application Security Engineer at EDB you will report directly to the Director of Information Risk Management as a trusted member of the CISO staff. Your role leads the transformation of the security and development processes within EDB, helping the organization identify, repair and protect against vulnerabilities throughout a secure software development lifecycle (SDLC). You are responsible for understanding multiple security frameworks, translating objectives, partnering with stakeholders and promoting best practices across all EDB products. The ideal candidate must be comfortable working in a global environment that supports flexible work schedules, and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just needing a change of pace this role is for you! What your impact will be:
Support the development and implementation of EDB’s application security services to be consumed by product teams and within our global infrastructure.
Serve as an expert on application security frameworks and objectives by assisting owners as they define new control activities and seek maturity in their development processes
Build tools, processes and solutions that improve the security of EDB’s products and data
Collaborate with internal engineering stakeholders on addressing systemic security issues
Grow and mature relationships with internal security SMEsin a way that bridges the gap between product teams and information security
Support Vulnerability Disclosure Program, triage, assess and analyze vulnerability reports submitted through the VDP, prioritizing them based on severity, risk, and exploitability.
Coordinate vulnerability remediation, Work with internal development teams to reproduce, validate, and prioritize vulnerabilities. Facilitate timely patch development and deployment, ensuring efficient resolution.
Produce application security metrics that demonstrate a continually improving application security posture
Partner with InfoSec Program Management on the roadmap and execution of security initiatives.
Support and manage EDB’s Vulnerability Disclosure program
Proficiency with threat modeling frameworks such as STRIDE, DREAD, PASTA, or OCTAVE.
Experience with threat modeling tools, especially the process of selecting and implementing a new tool to partner with a new threat modeling process.
Experience with Open Source Software (OSS) including familiarity with various open source licenses like MIT, GPL, Apache etc.
Experience with implementation of security best practices related to securing the software supply chain, including patch management, vulnerability scanning, package management and tooling.
What you will bring:
Extensive experience working with developers and driving application security standards
Experience securing CI/CD pipelines enabling strong security controls through the implementation of commercial and custom built tooling
Conduct application design reviews and support the development of compensating security solutions
Drive the integration of secure development standards, tools, and processes into the development lifecycle
Experience in threat modeling frameworks and processes
Experience performing code audits on internal and open source libraries
Experience with DAST, SAST, SCA as well as manual testing techniques
Ability to demonstrate strategic thinking beyond the specific responsibilities of the role
Effective communication skills with the ability to translate technical concerns into business risk impacts
Personal management of multiple projects, security events and incidents as required for the role
Seek to understand, lead with a collaboration first approach
Experience assessing technical footprints found within on-prem and cloud environments
Strong experience in NIST 800-218 SSDF, BSIMM, Owasp SAMM, or similar frameworks
What will give you an edge:
RedTeam knowledge and experience
Experience performing security code reviews
Experience with IaaS cloud infrastructure, Infrastructure as code, kubernetes container technologies, and software-oriented architecture
Knowledge of the MITRE ATT&CK Framework and attack chains
Experience building and operating security tools in Multiple Operating Systems and various languages (C, Go, JavaScript, Python, Ruby, etc)