Listing Description

Role / What you will be doing

As a Senior Application Security Engineer at M2GEN, you will join a team responsible for building a best-in-class Security Program.  You will design, secure, design, and maintain enterprise cloud environment. Our focus is on providing value to the organization by emphasizing real world security and embracing automation to keep up with business demand as we experience hypergrowth. 

What You’ll Do

• Have technical responsibilities across enterprise, helping enable the team through automation & investigate complex security issues for remediation.


• Partner with both the Product Design and Software Engineering organizations to incorporate security and privacy by leading security design reviews, and threat modeling.


• Provide support to enable automated CI/CD pipeline for ongoing development of in-house applications in a secure manner.


• Perform code reviews of our own and partners’ services and apps including SaaS, PaaS, and mobile.


• Develop lightweight SDLC processes to embed into Product Design and Software Engineering workflows.


• Develop secure coding practices, architecture patterns, and train engineering teams.


• Proactively identify deficiencies in the security services that the team is responsible for and propose a plan for improvements.


• Develop, document and implement security solutions and monitoring capabilities.


• Participating in our incident response and vulnerability remediation efforts.


• Integrate external and internal security tools, including automation into development and build environments.


• Provide security protection guidance on existing and emerging threats as they apply within the M2GEN environment.

What You’ll Need

• Bachelor's Degree in Computer Science, Information Technology, Information Security, Information Assurance, Information Management in related field or equivalent


• 7+ years’ experience in application security or product security role including experience with code reviews, penetration testing, and ideally threat modeling.


• Strong communicator with the ability to translate technical security requirements and risks into terms that anyone can understand


• In-depth experience finding AND fixing web application security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.


• Experience with Infrastructure as Code and CI/CD pipelines.


• Relevant experience in multiple programming languages, such as Python, Bicep, Shell scripts, etc.


• Knowledge of the browser security model, modern network security, and cloud security.


• Experience with vulnerability management and risk assessment processes.

#LI-GH1 #LI-REMOTE