Principal Application Security Engineer

September 19

BLACKBIRD.AI

AI • Deception Detection • Disinformation • Misinformation • Narrative Intelligence

11 - 50

Description

• Develop and implement a comprehensive application security strategy aligned with company objectives.
• Lead initiatives to achieve security certifications, including SOC 2, FedRAMP, and GDPR compliance.
• Collaborate with cross-functional teams to integrate security best practices into all stages of the Software Development Lifecycle (SDLC).
• Assess and enhance the security of applications hosted in AWS and Kubernetes environments.
• Conduct regular security assessments, code reviews, and vulnerability scans.
• Implement security controls and policies to protect against threats and vulnerabilities.
• Prepare and lead efforts to achieve SOC 2 certification and maintain compliance.
• Coordinate with external auditors and ensure all security documentation is up to date.
• Monitor and enforce compliance with industry standards and regulations.
• Plan and oversee regular penetration testing activities.
• Analyze test results and work with development teams to remediate identified vulnerabilities.
• Continuously monitor for emerging threats and adjust security strategies accordingly.
• Provide training and mentorship to engineering teams on secure coding practices.
• Promote a culture of security awareness throughout the company.

Requirements

• Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field.
• Minimum of 10 years of experience in application security engineering.
• Proven experience in achieving security certifications such as SOC 2, FedRAMP, GDPR, etc.
• Deep understanding of AWS services and security best practices.
• Strong knowledge of security principles, practices, and technologies related to AWS and Kubernetes.
• In-depth understanding of web, API, and microservices security.
• Expertise in cloud infrastructure security, especially AWS services like IAM, EC2, S3, and Lambda.
• Solid grasp of common security vulnerabilities and mitigation techniques, especially in containerized environments (Docker, Kubernetes).
• Familiarity with DevSecOps practices and CI/CD pipelines.
• Hands-on experience with security tools such as static/dynamic analysis tools (SAST/DAST), vulnerability scanners, and penetration testing frameworks.
• Proficient in security assessment tools and methodologies.
• Strong knowledge of compliance frameworks and standards (e.g., SOC 2, ISO 27001).
• Experience with penetration testing tools and techniques.
• Familiarity with programming languages such as Python, Go, or Java.

Benefits

• Competitive compensation package, 401(k), and equity - everyone has a stake in our growth!
• Comprehensive health benefits for you and your loved ones, including wellness days and monthly wellness reimbursements - an apple a day doesn’t always keep the doctor away!
• Generous vacation policy, encouraging you to take the time you need - we trust you to strike the right work/life balance!
• A flexible work environment with opportunities to collaborate with your team in person - you can have it all!
• Inclusion and Impact - soar to new heights!
• Bi-annual offsites - have fun with your colleagues!
• Professional development stipend - never stop learning!
