Application Security Engineer

Summary of Role
The Application Security Engineer bears primary responsibility for design and implementation of Fluid’s Secure Development processes and tooling. In this role the engineer will participate as a contributing member of the engineering team, delivering security as a service through the creation of frameworks and libraries that provide engineers with a consistent mechanism to enforce secure implementations of functionality in their application code and working closely with stakeholders to ensure that automated tooling accelerates development velocity.

The successful candidate will have contributed significantly to product development in a similar capacity with a proven track record of delivering robust solutions for complex problems in succinct and composable frameworks. Extensive work with GoLang will be ideal in this role both as a subject matter expert on security best practices and language-specific guidance as well as the ability to contribute performant production quality code.

The Application Security Engineer also works closely with and may even participate in the Security Incident Response Team to aid in collection of forensic evidence, root cause analysis, tactical mitigation of security vulnerabilities, and planning long-term or strategic remediation.

Primary Responsibilities

• Partner with the engineering teams to prioritize and mitigate security issues
• Design and implement tooling, processes, and controls to secure our applications
• Evaluate and be the security subject matter expert on our platform technology stack
• Own and actively manage the security team’s infrastructure and DevOps capabilities
• Participate in security testing and assessments
• Participate in architecture and design meetings as a Subject-Matter Expert
• Regularly perform assessments of applications
• Identifying and resolving complex issues and developing innovative solutions to achieve business, engineering, and security goals

Experience and Qualifications

• Bachelor and/or Master Degree in Computer Science, Information Security or equivalent work experience
• 3+ years of experience delivering software in a SaaS environment
• 2+ years of experience working with secure code reviews, penetration testing, or other work in the security industry
• Experience working in a cloud-native environment such as GCP, AWS, or Azure
• Experience with Kubernetes and micro-services architecture
• Extensive experience delivering production-quality code in a microservice architecture, preferably in GoLang
• Familiarity and experience discovering, triaging, and remediating application security issues
• Ability to work on multiple projects simultaneously and balance conflicting demands

First 90-Days

• Complete corporate training and on-boarding requirements
• Complete secure development training modules
• Write an introductory blog post on the OSP Portal
• Complete and deliver an initial infrastructure and platform architecture assessment
• Present to stakeholders findings from the infrastructure and platform architecture assessment
• Work closely with DevOps and Engineering leads to absorb and be confident talking about Fluid’s Infrastructure, Platform, and Products
• Complete other deliverable work as assigned