• The ideal candidate will have a software development background and demonstrated experience across a wide range of application security related areas, and will be someone who is looking to take the next step in their career
• Knowledgeable about Secure Coding Practices, Secure Software Design Principles and Secure Software Supply Chain best practices in a production environment
• Experienced at collaborating with software development teams and understanding how they operate and the issues they face
• Knowledgeable about least two of the following languages such as C#, golang, PHP, Javascript, Python, C/C++
• In-depth knowledge of web application vulnerabilities and practical experience with OWASP guides and best practices
• Experienced with application vulnerability management, including the identification, triaging, qualification and reporting of vulnerabilities, as well as performing code reviews and remediation validation testing
• Performing in-depth root cause analysis of discovered vulnerabilities
• Experienced with the integration of SAST/DAST/IAST/SCA toolchains into development workflows and maintenance of such tooling
• Experienced using security testing tools such as Burp Suite or ZAP
• Experienced at facilitating external web application penetration testing
• The ability to explain complex technical concepts to a non technical audience
• Strong communication skills to successfully interact with stakeholders across a broad range of domain expertise
• A willingness to continuously learn and improve their skill set

Desirable

• We are now looking for a new Application Security Engineer to join our Information Security team
• You will be a core member of the application security team, acting as a subject matter expert in the areas of secure software design, web application security, and vulnerability triaging & reporting
• You will be advising and supporting multiple software development teams across the business to develop secure applications in accordance with the established application security policies and standards, as well as performing targeted security tests on our products
• You’ll be working in an international setting and collaborating with people across multiple time zones
• Contribute to the implementation and running of the Application Security Program
• Provide application security subject matter expert knowledge and consultation to development teams
• Maintain and implement Application Security Program defined policies and quality standards
• Drive cross-disciplinary initiatives to improve the security practices of our engineering ecosystem and the products developed at Marigold
• Work on initiatives to improve AppSec activities (for example automated gating or vulnerability acceptance process) as specified by the Application Security Program