Listing Description
Caseware is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages.
While you might not have heard of us (yet), over 36,000 accounting and audit professionals list Caseware as a skill on their LinkedIn profiles!
As an Application Security Engineer at CaseWare, you’ll work with a team of security professionals on Secure Development Practices, Security Automation, Secure Software Development Pipelines, Vulnerability Assessments and Penetration Testing. You will be part of an Application Security Engineering team committed to software and services security for dozens of products and services across Desktop, AWS and Azure Cloud environments. There is lots of opportunity to expand your exposure to technologies and security practices in many areas of personal interest. We’re looking for the right individuals to help us mature our Application Security posture and cloud platforms.
You’ll be reporting into:
What you will be doing:
- Static Application Security Testing (SAST), reviewing security scan results and working closely with development teams to prioritize security vulnerabilities identified using a risk-based approach
- Performing Dynamic Application Security Testing (DAST) and conducting penetration testing against CaseWare’s applications and services
- Participate in, and support, application security reviews and threat modeling for product development
- Support and consult with product and development teams on application security and industry best practices
- Develop programs and/or scripts for automation tooling, working with architecture, development and operations stakeholders to enhance security tools and coverage in our CI/CD pipelines and deployed services
- Assist in development of automated security testing tools to validate secure coding best practices, and enforce security policy and standards
- Research, identify, administer and support application security analysis tools
- Integrating security tools, standards, and processes into the software development life cycle (SDLC), including participating in DevOps / DevSecOps
- Lead application security framework and security technology improvement projects, be a champion for software security within the organization
- Perform other application security or product security related activities or tasks as needed or directed
What you will be doing in the first 6-12 months:
- Come up to speed on team operations
- Understand build pipelines in GitHub and security tooling: Dependabot, CodeQL, Anchor, Veracode, CIS controls
- Participate in Secure Design Reviews
- Participate in PR reviews for Security Findings
- Participate in Vulnerability and Penetration Testing
- Participate in Application Risk Assessments
- Take full ownership and accountability of accepted projects
- Work with Risk and Compliance on evidence collection and possibly automated support
- Support enhancement of security practices in application engineering within the team
- Consult and recommend changes for maturity and coverage in our Secure SDLC processes
- Possibly develop standards, guidelines and produce libraries related to information and application security needs for Authentication, Authorization and Accounting / Logging and Encryption
What you’ll bring:
- Minimum of 5 years related development and security experience
- Hands-on experience working with one or more SAST, DAST and IAST tools such as Veracode, Burp Suite, OpenVAS, OWASP ZAP, Nmap, Dependency-Track, GitHub Advanced Security or similar tools
- Candidates should have good verbal and written communication skills
- Be a responsible, self-directed team player
- An ability to mentor team members on soft and technical skills
- Be able to think both offensively (like a hacker) and defensively (evaluating product security and software security architecture)
- Show professionalism and proficiency in all aspects of Software Development and Software Security
- Solid development skills in at least one supported programming language, and willingness to learn others: Java, C#, Go, Python, Ruby, JS/TypeScript
- Positive attitude and authentic tendency toward cooperation and teamwork
- You can demonstrate experience in application security concepts such as secure coding, design or development and industry application security standards and best practices
- Willingness to develop strong relationships across various security and development and architecture teams. Focus on bringing about positive results, identify and communicate requirements effectively
Nice to have:
- Experience with GitHub Advanced Security
- AWS or Azure related certifications
- Security related certifications
- Familiarity with a variety of development and testing tools, including: IntelliJ, Git, Jira, Confluence, Maven, New Relic, Jenkins, Cypress, Docker is highly desirable and preferred
About Caseware
Caseware's cutting-edge software products are meticulously designed for accounting firms, corporations, and governments. Our teams are continually collaborating, innovating, and building upon our existing suite of products. With a customer-focused mindset, we are building technology that is shaping what the future of audits, financial reporting, and financial data analytics will look like.
With a recent strategic investment from Hg Capital in 2020, CaseWare is now in its next major growth phase as we double down on the people and products that have made CaseWare so successful to date.
One of Caseware's core values is Many Voices, One Team and with that in mind, we're dedicated to building teams as diverse as our customers in an equitable and inclusive way. We welcome and encourage candidates of all backgrounds to apply. Should you require accommodations or have any questions at any point during the application or interview process, please e-mail our People Operations team at careers@caseware.com.
Any candidates successful in obtaining an offer for a position will need to successfully complete a background check through Certn.co which typically includes an Identity Verification and Criminal Record Check. Executives and Senior Managers will undergo a Soft Credit Check as well.