Senior DevSecOps, Application Security Specialist

Shift Technology
Summary
Join Shift Technology's security team as a Sr. Application Security Engineer and play a critical role in protecting our global infrastructure and data. You will own and maintain security tools, continuously test software security, and supervise part of the SOC. Collaborate with data scientists and software delivery teams to ensure security best practices are followed. Automate security testing and champion security standards throughout the organization. Work with engineering leads on security risks and vulnerabilities, and operate a software vulnerability management program. Create and execute incident response processes, and communicate effectively with technical and non-technical stakeholders. Promote a culture of secure system development and act as a subject matter expert.
Requirements
- 5+ years experience with a degree in Computer Science, IT, Systems Engineering or a related qualification
- Familiarity with applicable standards, methods, models, and approaches (OWASP, CWEs, MITRE, threat modeling, etc.)
- Knowledge of scripting language (Python, Ruby, Rust, etc.)
- Strong knowledge of API and Web Apps security
- Collaboration - Engagement with the tech teams and other stakeholders, especially in a remote setting
- Good understanding of software security principles and best practices
- Excellent communication skills; comfortable representing the cyber security team at all levels of the organisation, and with partners and vendors
- Good awareness of cybersecurity trends
- Strong attention to detail, a can-do attitude, an analytical mind, and outstanding problem-solving skills
Responsibilities
- Working with data scientists and software delivery teams to ensure technical security standards and architectures are well understood and best practices are followed, so that software is developed with Security and Privacy by Design and by Default in mind
- Raise the awareness of our developers about security best practices
- Automation of security testing (SAST, DAST, SCA, vulnerability management, threat modelling, etc.) and acquaintance with relevant tooling, e.g. GitHub Advanced Security, Veracode, Snyk, ThreatAgile, ZAP, Burp, Bug Bounty, etc.
- Interest in Data Science, Engineering and ML Security on Azure and AWS
- Ownership of the Application Security Chapters by defining technical policies, standards and guidelines for security relating to software development and championing these through the organisation
- Working with engineering leads on identified security risks and software vulnerabilities
- Operate a software vulnerability management program
- Understanding/knowledge of the main development languages and frameworks (C#, Java, React, Python, etc.)
- Occasional security auditing of software developed by the company and its partners
- Oversee security managed services and outsourced security capabilities
- Create, maintain, and execute appropriate incident response processes to enable timely escalation, containment, and recovery of cyber security events
- Work with other teams to identify recurring patterns and propose strategic actions to reduce risk
- Provide clear, concise, and easily consumable communication with key technical and non-technical stakeholders so that incidents are understood and appropriately addressed
- Ensure accurate and clear communication with all stakeholders
- Provide appropriate KPIs and KRIs to key stakeholders
- Technical liaison with third parties on application security related discussions
- Promote a mindset of developing secure systems, transferring knowledge of security standards and processes and acting as a subject matter expert (SME)
Benefits
- Flexible remote and hybrid working options
- Competitive Salary and a variable component tied to personal and company performance
- Company equity
- Focus Fridays, a half-day each month to focus on learning and personal growth
- Generous PTO and paid holidays
- Mental health benefits
- 2 MAD Days per year (Make A Difference Days for paid volunteering)