
Capillary Technologies is an enterprise-grade SaaS technology provider. We operate in the loyalty domain, where we help our customers better engage their users to enhance their business outcomes.
To provide assurances to our customers, we comply with ISO 27001, PCI & SOC 2 type standards from an information security perspective. On the privacy front, we comply with the data privacy laws of the countries where we provide our services (like GDPR, CCPA, etc.).
We are looking for a Lead, Application Security who can drive the application security function to the next level, resulting in enhanced security of our product.
Job responsibilities:
Perform design consultation, architecture review, threat modeling, code review, and testing.
Assist in the development of test cases, scripts, and procedures for automated security testing as part of the CI/CD pipeline
Perform application vulnerability assessments
Analyze output from security tooling and provide guidance to drive remediation
Be part of SDLC processes and provide guidance on increasing security review coverage
Identify toolsets and vendors, drive adoption and implementation
Consult with development and QA staff to remove false positives and prioritize remediation based on security scanning tools output.
Perform tasks related to securing and maintaining the security of applications, tools, and processes.
Understand industry trends and best practices, and look at their implementation in Capillary
Skills and expertise:
6+ years of progressive experience in the application security domain, with at least 2 years in a cloud-based / SaaS environment
Should have coding experience
Should have thorough knowledge of cloud computing, especially SaaS concepts
Should have worked in a DevSecOps function
Understanding and familiarity with common code review methods and standards
Knowledge of secure coding patterns and pitfalls in multiple languages
Demonstrated experience providing security review of web applications, mobile applications, web APIs and cryptography
Experience with static analysis and dynamic analysis tools
Experience with offensive security tools and methodologies
Penetration testing experience, especially at the application level
Expertise with development and test toolsets (source code control, build systems, test automation, ticketing systems)
Knowledge of OWASP tools and methodologies
Knowledge of modern SDLC practices and security touchpoints in Agile and DevOps
Good communication and collaborative skills
Job ID: 131613717