New York New York job: Sr. Application Security Engineer, New York New York job search
New York New York job: Sr. Application Security Engineer, New York New York job search
Job Keywords: Job City, State:  
 
Job Seekers: search jobs | post resume | create job alert   ||   Employers: post jobs! | search resumes
Country:    
Home » New York Jobs » New York, New York » Engineering Jobs 

Current Statistics

1,600,728 Total Jobs
291,582 Jobs Today
17,907 Cities
222,694 Job Seekers
146,724 Resumes

 

Sr. Application Security Engineer - New York New York

Company: Sisense
Location: New York, New York
Posted On: 04/28/2024

Sisense is the unified, collaborative data platform for professional data teams. We help thousands of data teams tackle increasingly complex data challenges, from ETL through predictive analytics. -Our expectations for ourselves are ever-increasing, and we're looking for someone to help us along that journey. If you love creating delightful user experiences for technical and non-technical users and delivering company-changing outcomes, this role is for you! -
You'll develop, design, and implement security touchpoints into the Sisense product and support the trajectory of our cloud product while maturing the existing on-premise product. While this role will primarily focus on application / product security, bug bounty, incident response and vulnerability management, and overall automation, there will be plenty of opportunity to expand into other areas of security.
WHY YOU SHOULD JOIN OUR SECURITY TEAM:
We do not operate with traditional gating mechanisms but instead focus on enabling our customers. We provide them with clear, opinionated security guidance and usable, scalable, and secure by default offerings to make pragmatic risk decisions for Sisense. While some capabilities are already in place that will need to be learned and maintained, there will be a need to deploy new emerging security solutions to proactively and reactively protect our employees and customers.
We are now complementing our security partnerships and engineering investments in services like bug bounty, pentesting, product security incident response, threat modeling, security reviews, and developer security education. We are looking for folks who are excited about pragmatic risk, continuous operational improvement, and customer-centric security experiences.
You will partner with engineering, product management, operations, IT, and others to truly empower the employees at Sisense. You'll be expected to support solutions by applying risk-based security touchpoints that are both highly secure and highly functional while moving at the speed of the business. -
HOW YOU'LL RAMP:
Within your first 30 days you'll---


  • Meet with the global security team to understand the organizational mission, attack surface and strategically align on risk-based security initiatives
  • Spend time with the engineering and product teams to get up-to-speed on our technology stacks and current security controls
  • Spend time with IT, R&D and potentially customers to get up-to-speed on our technology stacks and current security controls -

    By Day 30, you'll...

    • Have a solid fundamental understanding of our products, people, processes and technologies
    • Perform initial assessment on the strengths and weaknesses of the current product through analysis, automated scanning, and/or custom attack patterns
    • Provide recommendations for identified opportunities from the current state processes
    • Review code and other production changes to ensure no security issues are introduced
    • Work with key stakeholders to ensure compliance of Sisense's internal procedures and compliance goals (SOC2, HIPAA, ISO, GDPR, and CCPA)

      By Day 60, you'll---

      • Drive security improvements into production cloud environments -
      • Collaborate with third-party penetration testing vendors
      • Perform targeted offensive security testing -
      • Evangelize better security throughout the company

        By Day 90, you'll...

        • Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application and infrastructure layers
        • Support External and Internal Penetration Testing efforts and assist with driving issues to closure -
        • Assist with our bug bounty program and maturation of Hacker powered security
        • Promote a security-first culture and ensure that all employees at Sisense are able to protect the organization from threats
        • Provide thought leadership in the areas of innovative DevSecOps automation, tool optimization, application vulnerability management and strategies for risk reduction
        • Own and propose data-driven enhancement strategies for dynamic (DAST), static (SAST), open source application security testing (SCA) and container security scanning, including troubleshooting and continuous process improvement
        • Propose product feature enhancements to enhance security of our applications
        • Help validate services and applications for best-in-class security standards implementation
        • Test for, replicate and validate security vulnerabilities in applications

          WHAT YOU'VE ACCOMPLISHED, SO FAR:

          • 4+ years of industry experience working as an application security engineer, product security consultant or similar position
          • Security mindset as a business enabler as part of the core security foundation of driving change with an effective communication style -
          • Hands-on experience in configuring and hardening cloud-based infrastructure (AWS, Google Cloud, Azure, etc.)
          • Experience with container technology (Kubernetes)
          • Strong experience in Python, Java, JavaScript, Go and Ruby on Rails
          • Demonstrated capability in secure coding (input validation, session management, etc.) and performing automated or manual static analysis
          • Hands-on experience in conducting penetration testing and vulnerability assessments at the network and application layers
          • Ability to dissect new systems, product requirements, and features to identify and develop security requirements
          • Understanding of security processes (access management, incident management, data security, etc.)
          • Experience with scanning of open source libraries and third party images
          • You understand secure engineering best practices, can articulate problem statements and can propose solutions to both technically savvy and non-technical audiences
          • You are either a passionate, security minded software engineer who has been part of building high quality applications and services, or you are an application security engineer who cares about secure software development
          • You have a growth mindset, push yourself towards excellence and focus on continuous functional improvements
          • You are a curious person who looks at problem statements and can clearly propose actionable solutions
          • You have a passion for cyber security, demonstrated through participation/leadership in conferences, webinars, Capture the Flag (CTF), TryHackMe, Bug Bounty, Submission of CVEs and/or personal projects
          • Strong understanding of past, current, and emerging security exploits
          • Security certifications such as OSCP, CISSP, CEH, GWAPT, etc.

            Experiences That Would Be Helpful

            • Familiarity with containerization (Docker, containerd, etc) and Kubernetes
            • Experience developing and operating cloud systems in AWS
            • Experience with GraphQL
            • Experience with deploying application security tools in the CI/CD pipeline
            • Experience with securing software development lifecycles, including manual and automated application security testing, manual source code review, and embedding security to code in production environments -


              About Sisense:
              Sisense stands as a beacon in the embedded analytics landscape, recognized globally for pioneering solutions that infuse intelligence into every facet of business. As we continue on our journey and explore the vast opportunities of the API economy, we're positioning ourselves for unprecedented growth.
              Our vision is bold and transformative: a future where analytics and insights underpin every decision, every process, and every interaction. Our team, an amalgamation of diverse perspectives and unique skills, is our secret weapon. At Sisense, we foster a culture of innovation, collaboration, and inclusivity, powering our relentless drive to redefine what's possible in the world of analytics.
              Join us in this ambitious journey. This position offers more than a job; it's a chance to reshape the industry, redefine the future of analytics, and be a part of a team that's pushing boundaries. Let's shape the future of analytics together.
              Depending on your location, you may need to work from a Sisense office once or twice a week, in accordance with any policies in effect at the time. -
              For roles in the US, Applicants must be authorized to work in the US as we are unable to provide employer sponsorship at this time.
              CO Posting: The base pay range for candidates located in Colorado is $110,000-$140,000 (/yr). The salary of the finalist selected for this role will be based on a variety of factors, including but not limited to market location, internal equity, job-related knowledge, experience and training, education, skill sets, and other business and organizational needs. A bonus, equity, commissions, and restricted stock units may be provided as part of the compensation package, in addition to a full range of medical, financial, and/or other benefits, depending on the position offered. This position may be considered a promotional opportunity. The disclosed salary range represents an estimate of the base compensation for candidates who can or will be located in Colorado. This range may vary with respect to candidates whose primary work location is outside those jurisdictions.
              NYC and CA Posting: The base pay range for candidates located in New York City and California is $110,000-$140,000 (/yr). The salary of the finalist selected for this role will be based on a variety of factors, including but not limited to market location, internal equity, job-related knowledge, experience and training, education, skill sets, and other business and organizational needs.The disclosed salary range represents an estimate of the base compensation for candidates who can or will be located in New York City or California. This range may vary with respect to candidates whose primary work location is outside those jurisdictions. More...

              Send this job to a Friend     

              Register an account with us and set up job agents! We'll email you immediately when jobs like this are posted on our site.
Your Account
Email:
Password:
Register a New Account

Can't find what you're looking for? Try searching here:
Google
 
Web www.localjobboard.com

Copyright 2024 LocalJobBoard.com. All Rights Reserved.

RSS Job Feeds

Sr. Application Security Engineer: New York, New York job search information from LocalJobBoard.com

Recruiter expertise by Recruiter Media Corporation

Job Offers Search Engine

New York New York job: Sr. Application Security Engineer, New York New York job search