Remote Senior Application Security Engineer

Summary

Join Kraken, a technology company revolutionizing the energy industry, as an experienced Application Security Engineer. You will be a key member of a newly formed security team, securing software development processes, integrating security practices, and fostering a security-conscious culture. This role involves automating security controls, developing secure CI/CD pipelines, addressing security findings, and contributing to security roadmaps. You will collaborate closely with development and platform teams, conduct penetration testing, and provide technical security guidance. The position offers the opportunity to make a significant impact on shaping a sustainable future within a dynamic and innovative organization.

Requirements

• A strong technical security background
• Technical understanding of topics related to SAST, DAST, SCA, Secret Scanning, IAST, fuzzing, and SDLC hardening
• Firm capability of conducting end-to-end security assessment of an application
• Multiple years of experience working with cloud technologies, preferably with a security focus. We work with AWS, but we understand the skills are transferable
• Strong experience in implementing and automating security best-practices
• Proficient with DevOps methodologies such as CI/CD, version control (we use GitHub) and full-stack repeatability
• Experience working with teams around the globe
• Ability to prioritise tasks and work independently
• Experience working with infrastructure as code tools such as CloudFormation, Terraform and CDK

Responsibilities

• Automate security controls, security hardening of the developer and IaC processes (building, testing, release), supply chain security (part of the build process), related metrics and monitoring/audits
• Develop robust and secure CI/CD pipelines, and manage integrated security tooling (SAST/DAST/SCA)
• Actively contribute to addressing security findings by helping teams to create a comprehensive mitigation plans
• Help achieving Shift Left in our software development lifecycle by closely working with our product teams
• Organising and performing penetration testing of our products, and collaborating with external parties on those tests
• Act as a technical security professional, providing advice and guidance to other team members
• Contribute technical decisions to develop platform and security engineering roadmaps
• Help cultivate a strong technical security culture across the company
• Setup and maintain monitoring, metrics & reporting systems for our security tooling to achieve fine-grained security observability and actionable alerting

Preferred Qualifications

• Experience with AWS CodePipeline, CodeBuild, CodeDeploy, CloudFormation, SecurityHub, GuardDuty, Config, Inspector, CloudTrail and other AWS Security services
• Software development experience in either Typescript or Python

Benefits

• Flexible salary based on experience
• Unique company culture
• Perks