Staff Application Security Engineer

Summary

The job is for an App Security Engineer at Onebrief, a military planning tool used by major military headquarters worldwide. The role involves assessing security, implementing security policies, and staying updated on emerging threats while reporting to the Deputy CISO. The ideal candidate has a strong background in application security, experience in both the private sector and the U.S. Department of Defense, and relevant certifications.

Requirements

• Strong understanding of application security, network security, and operating system security
• Familiarity with security frameworks (OWASP, SANS), security controls, and risk management methodologies
• Proficiency in secure coding practices and experience with various programming languages
• Strong understanding of CI/CD pipelines and where security checks should be applied
• Experience with vulnerability management tools, static/dynamic analysis tools, and penetration testing tools
• Minimum 6 years of experience in application security or related roles
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field is desirable

Responsibilities

• Assess security, code, and vulnerabilities
• Work with the software team to address weaknesses
• Implement security policies and procedures according to standards
• Advise on secure architecture and software design
• Keep up-to-date with the latest threats and technologies
• Respond to incidents when needed
• Enhance the organization's security posture by staying updated on emerging threats and delivering security training programs

Preferred Qualifications

Certifications such as Offensive Security Certified Expert (OSCE), Certified Information Systems Security Professional (CISSP), Certified Secure Software Lifecycle Professional (CSSLP), and GIAC Web Application Defender (GWEB) are a plus

Benefits

Working for a company backed by Y Combinator and top-tier VCs, including Caffeinated Capital and Human Capital