Sr. Security Engineer - AppSec

Purpose of the Job :

As members of 6sense's Security department, the Security Engineering team protects the platform. Application Security Engineers work closely with engineering teams, product managers (PM), and third-party entities to ensure that 6sense products are secure.

Responsibilities & Accountabilities :

• Ensure thatapplication security toolsare configured to provideappropriate coveragebased on the Vulnerability Management Policy and Standard
• Track and report status of vulnerabilities based on severity and SLA, escalating as needed
• Build dashboards and filters to surface vulnerability data to the right teams
• Support and consult with engineering and product teams around application security vulnerabilities
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities identified through Pen Testing, SAST, DAST, or Dependency scans
• Support the and evolve the bug bounty program
• Lead in development of automated security testing tovalidatethat secure coding best practices are beingused
• Lead application security reviews and threat modeling, including code review and dynamic testing
• Facilitate secure development training with Engineering teams
• Participate andassistin initiatives to holistically address multiple vulnerabilities found in a functional area
• Design and execute quarterly (O)KRs

Performance Measurement :

• Understands the 6sense product and platformin depth
• Takes the lead inidentifying, triaging, andmanagingsecurityissues
• Participates in weekly 1:1s with manager and monthly skip levels
• Adheres to deadlinesand sets a professional tone among other engineers
• Establishes routines to ensure updates are made tohandbook pages, runbooks,workflowsand dashboards

Educational and Experience Requirements:

• 5+ years of experience in information security,with a focus onall aspects of applicationsecurity, includingthreat modelingand developer training
• Familiarity and ability to explain common security flaws and ways to remediate them (e.g. OWASP Top 10)
• A basic understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS protocols)
• Somedevelopment or scripting experience and skills in Python or JavaScript
• Experience with security tools (e.g., Vulnerability Scanners, SAST/DAST, DevOps software, AWS cloud security tooling)
• Excellent communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
• Experience working directly with software developers to improve code security
• Strong understanding and practical experience with common security libraries, security controls, and common security flaws

Preferred Qualifications :

• Bachelor's degree in a related field
• Relevant industry certifications,such as AWS, CNCF, andGIACarehighly desirable

Competencies and Behaviors :

• Able to establish credibility among Engineering counterparts.
• Maintains a professional, outcome focused demeanor.
• Advocates for application security best practices.
• Works to maintain and improve overall company security posture.
• Drives tasks to completion by following up on questions, deadlines, and requests for input.
• Maintains accuracy of information.
• Effective prioritization and escalation to management.