The Aras Information Security Team is rapidly growing and seeks a Lead / Senior Application Security Engineer focused on driving and owning our application security programs with the Aras product and development teams. This person will be conducting regular security reviews (e.g. threat modeling, SAST, DAST), working closely with our internal product and development teams to ensure timely resolution of found security gaps, and providing security assurance to our external clients. This position requires both strong technical and communication skills, with experience in finding and advising on fixes for application security vulnerabilities, and excellent oral and written communication skills to coherently relay security information to both business clients and technical audiences. This person must be able to handle multiple deadlines and high-priority issues at the same time, adapt quickly to shifting priorities, and drive security resolution in a fast-paced and high-profile technology landscape.
- Drive our secure SDLC program with product development teams ensuring secure coding practices, SAST, DAST, and pentesting activity occurs on a regular basis.
- Conduct threat modeling and static/dynamic application security testing with automated and manual testing techniques.
- Report and triage vulnerabilities; provide metrics, track, plan, and ensure timely remediation of open issues.
- Collaborate and communicate effectively with product and development teams to ensure security is championed throughout their processes.
- Provide remediation plans and status updates on vulnerability closure to clients on a regular basis.
- Coordinate and negotiate security pentesting activity with clients and third-party vendors.
- Assist in technical audit activity to ensure compliance with security policies and other industry standards (e.g. ISO 27001, SANS, NIST, OWASP).
- 3+ years of experience in application security, preferably with a coding/development background.
- Bachelor’s degree in an Information Technology related field of study or equivalent experience; relevant.
- Strong knowledge of secure coding and application security testing practices.
- Experience testing web applications with common application security testing tools such as Checkmarx, Burp Suite, and AppScan; experience testing mobile/API applications a plus.
- Exceptional communication, teamwork, and influencing skills that foster a collaborative and continuous-improvement environment.
- Ability to communicate technical issues to both technical and non-technical audiences.
- Ability to adapt to a hyper-growth pace and changing priorities.
- Ability to manage multiple, concurrent projects, activities, and tasks under tight time constraints.
- Self-motivation and the ability to work under minimal supervision.
- 29 calendar days of paid vacation;
- Flexible working schedule;
- Comfortable working environment and ample workspace in a modern office;
- Medical insurance;
- Sport expenses compensation;
- Corporate English lessons;
- Tea, coffee, fruits;
- Possibilities to learn and evolve as a professional (conferences, training);
- Parking lot and bike parking;
- An excellent friendly team;
- Team activities.