Senior Application Security Architect - Spotnana Technology New York City, New York, United States

Listing Description

About the Role


Spotnana is searching for a senior application security architect to join our growing global team. The ideal candidate is a hands-on leader who will help improve the security and privacy posture of Spotnana’s flagship online booking platform, mobile application and underlying backend services running in AWS.


This passionate individual will lead the secure SDLC and DevSecOps agenda at Spotnana, with a shift-left and automation mindset, working closely with the development, SRE, DevOps and cloud operations teams.


Responsibilities



  • Own code / application level security of Spotnana web and mobile applications

  • Own training and awareness for development staff on security issues

  • Own triage and management of application vulnerabilities found through various methods

  • Own software supply chain and CI/CD security for Spotnana customer serving applications

  • Own bug-bounty and external penetration testing engagements

  • Be part of the customer integration team, help with security of integrations and any custom implementations.

  • Be part of incident response team where application level context and triage is necessary to contain an issue

  • Partner with DevOps and Engineering teams to implement pipeline based checks and balances (ex: managing secrets)

  • Partner with infrastructure security on container vulnerability management and compliance team to deliver application specific controls for audits and certifications


Qualifications 



  • 10+ years previous web and mobile application security experience

  • Experience securing microservices based applications built on AWS

  • Expert level knowledge and experience using and implementing major AuthN and AuthZ frameworks such as OAuth, OpenID Connect (OIDC), and SAML (Security Assertion Markup Language)

  • Previous experience implementing secure SDLC practices, and automations such as SAST, DAST, RAST, IAST in at least medium scale software development organizations

  • Experience configuring and tuning WAF

  • Deep understanding and experience with API security testing and risk mitigations

  • Strong experience with React (JS) for front end and Java for the backend services

  • Hands on experience with MySQL, RDS data stores, plus ElasticSearch & Spring Boot

  • Experience with AWS Cognito is a plus

  • Comfortable with committing code into production pipelines and following engineering practices and cadences

  • Comfortable with conducting code reviews and explaining to development teams specifics on how to fix vulnerabilities

  • Ability to write tools and automations to support various aspects of secure SDLC

  • Nice to have: experience with applications running in ECS (Fargate) or EKS


Listing Details

  • Citizenship: Not Provided
  • Incentives: Not Provided

 

  • Education: Not Provided
  • Travel: Not Provided
  • Telework: Not Provided


