Application Security Engineer

Job title:

Application Security Engineer

Company

Cognism

Job description

Cognism is a market leader in international sales intelligence. Access to our premium data, has helped a wide variety of global revenue teams change their approach to prospecting, resulting in predictable and prosperous outcomes.Following multiple successful funding rounds and the acquisition of Mailtastic (2020), an email signature solution provider, and Kaspr (2022), a Paris-based sales prospecting tool, there has never been a more exciting time to join us.As we grow, one of our main objectives is to continue hiring individuals, who are both a professional and cultural fit for our Company. Our values are at the core of everything we do!Our people;

• Are Nice!
• Are Collaborative. We’re in this together!
• Are Solution-Focused. For every problem, we’ve got a solution!
• Are Understanding.
• Celebrate Individual Contributors.

We are committed to creating a diverse and inclusive global workplace, which encourages you to achieve any goals you may have, while having fun along the way!Your Role:As an Application Security Engineer, you will play a critical role in ensuring the security of applications throughout the software development lifecycle (SDLC).You will work closely with cross functional teams and members of the information security team to identify vulnerabilities, design secure applications, and implement security best practices.This role requires a deep understanding of application security principles, risk assessment, and remediation techniques.Your Key Responsibilities:Vulnerability Assessment & Remediation: Conduct in-depth security assessments of web, identifying vulnerabilities using automated tools (e.g., SAST, DAST) and manual techniques. Provide actionable recommendations to development teams for remediation.Security Design Review: Collaborate with application and security architects and developers to ensure security is integrated into the design of applications. Conduct threat modelling and provide guidance on secure coding practices.Penetration Testing: Coordinate application-level penetration tests to identify security flaws. Document findings and work with relevant teams to ensure timely remediation.Security Code Reviews: Analyse source code for security vulnerabilities, focusing on secure coding practices and providing feedback to developers on how to mitigate risks.Automation & Integration: Work with DevOps teams to integrate security testing tools and processes into CI/CD pipelines, ensuring that security is continuously monitored throughout the development process.Collaboration: Work closely with cross-functional teams including development, DevOps, QA, and IT operations to foster a culture of security within the organization.Our Required Qualifications:

• Education: Bachelor’s degree in computer science, Information Security, or related field (or equivalent work experience).
• Experience: 3-5 years of experience in application security or software development with a focus on security.
• Strong understanding of common application vulnerabilities (e.g., OWASP Top 10, SANS CWE Top 25).
• Proficiency in security testing tools (e.g., SonarCloud).
• Experience with secure coding practices in at least one programming language (e.g., Java, Python, C#, JavaScript).
• Familiarity with DevSecOps practices and tools (e.g., Jenkins, Git, Docker).
• Knowledge of web application architectures and cloud security principles (e.g., AWS, Azure).
• Understanding of encryption protocols, authentication mechanisms, and access control models.

Soft Skills:

• Strong analytical and problem-solving skills.
• Excellent communication skills, both written and verbal, with the ability to convey complex security issues to non-technical stakeholders.
• Ability to work independently and as part of a team in a fast-paced environment.

Attention to detail and commitment to high-quality deliverables.Strong Desirable Skills:

• Certified Information Systems Security Professional (CISSP)
• Certified Ethical Hacker (CEH)
• Offensive Security Certified Professional (OSCP)
• Experience with container security (e.g., Docker, Kubernetes).
• Experience with cloud security frameworks and tools (e.g., AWS Security Hub, Azure Security Centre).
• Familiarity with microservices architecture and API security.
• Hands-on experience with incident response and forensic analysis related to application security breaches.

We look forward to hearing from you!

Expected salary

Location

United Kingdom

Job date

Wed, 25 Sep 2024 05:38:25 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (hiring-jobs.com) you saw this job posting.