Senior Security Engineer

Collibra
Summary
Join Collibra Inc. as a Sr. Security Engineer in New York, NY (with remote options) and perform security analysis, triage findings from various security testing solutions (SAST, IAST, DAST, SCA), and coordinate third-party penetration testing. You will provide application security expertise, manage security tools, and provide vulnerability metrics to leadership. This role requires a Bachelor's degree in a related field and five years of relevant experience, including extensive experience in application security testing and vulnerability remediation. Three years of experience mitigating OWASP Top 10 risks and working with specific programming languages is also required. Collibra offers competitive compensation, health coverage, and time off, along with a flexible benefits program.
Requirements
- Must have a Bachelor's degree or foreign equivalent in Computer Science, Information Technology, Engineering (Any), or a related field plus five (5) years of experience in the position offered, or as a Software Tester or Developer, or a related position
- Must have five (5) years of experience with all of the following: Web, API, or mobile application security; Performing application security testing by executing SAST, SCA, IAST, DAST, or penetration testing; Triaging application vulnerabilities associated with source code, open-source library dependencies, or 3rd-party containers; and Assessing the impact and risk identified vulnerabilities pose on custom application software and advising on risk acceptance/deferment for false positive and severity adjustments
- Must include three (3) years of experience with all of the following: Minimizing or mitigating security risks reported in the OWASP Top 10; Serving as a matrixed/embedded security resource within a development team performing vulnerability remediation consulting (how to fix issues), prioritization (what needs to be fixed first), and reporting (mitigated vs. unmitigated risk); Securing Java, Python, or JavaScript web applications; and Working with Java, JavaScript, Python, or .NET programming languages to perform security analyses
Responsibilities
- Perform security analysis and triage findings from Static Application Security Testing (SAST), Interactive Application Security Testing (IAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and pen test solutions
- Coordinate third-party penetration testing engagements, analyze reports, and open tickets for remediation
- Provide application security expertise on remediation efforts
- Configure and manage security tools and services
- Provide metrics for Collibra leadership to understand the type, age, severity, and number of vulnerabilities in Collibra's software
Benefits
- Competitive compensation
- Health coverage
- Time off