Staff Application Security Engineer

Summary

Join Juniper Square's Platform Engineering team as a Staff Engineer - Application and Platform Security and play a critical role in ensuring the security of our platform and web services. You will conduct security assessments, identify and remediate vulnerabilities, develop security best practices, and collaborate with cross-functional teams. This role requires 8+ years of experience in application security, proficiency in Python/JavaScript, and expertise in AWS, EKS, and Kubernetes. You will manage security penetration testing, integrate security into CI/CD pipelines, and enhance our cloud and data security posture. Juniper Square offers various work arrangements, from fully remote to working in physical offices.

Requirements

• Technical Expertise : 8+ years strong background in application security for both internal and external-facing web services
• Programming : Proficiency in Python and/or JavaScript
• Cloud Security : Experience with AWS, EKS, and Kubernetes
• Authentication Mechanisms : Expert-level knowledge of authentication methods for web and mobile applications, and practical experience with their secure implementation
• Security Tools : Proficiency with tools for static code analysis, vulnerability assessment, and application monitoring (e.g., OWASP ZAP, Burp Suite, Checkmarx, or similar)
• Cross-Functional Collaboration : Proven ability to work closely with Development and DevOps teams to foster secure coding practices and DevSecOps culture

Responsibilities

• Conduct periodic, comprehensive, security assessments for internal and external web services. Identify, and drive remediation of, vulnerabilities
• Participate in design reviews to assess and identify potential security vulnerabilities
• Develop, implement, and manage security policies and best practices across application development
• Manage all aspects of our quarterly security penetration testing and requirements in coordination with Development, DevOps and Security teams
• Collaborate with Development and DevOps teams to integrate security within the CI/CD pipelines and advise on secure design practices
• Perform static code analysis, vulnerability assessment, and monitoring using industry-leading security tools
• Enhance our cloud security posture, specifically in AWS, EKS, and Kubernetes environments, to safeguard our infrastructure and applications
• Improve our data security posture as the business evolves
• Maintain and improve documentation on security policies, protocols, and training for continuous improvement and compliance readiness
• Maintain and administer tooling to detect and respond to anomalous behavior on our critical product based systems
• Devise and implement a plan for testing compliance of our edge networks across all our SDLC environments

Preferred Qualifications

• Relevant certifications such as CISSP, OSCP, CEH, or AWS Certified Security Specialty
• Knowledge of compliance requirements (e.g., SOC 2, PCI-DSS, GDPR) and experience in documenting security procedures and policies

Benefits

Juniper Square offers employees a variety of ways to work, ranging from a fully remote experience to working full-time in one of our physical offices