Application Security Engineer - CaseWare Canada

Listing Description

Caseware is one of Canada's original Fintech companies, having led the global audit and accounting software industry for over 30 years, with more than 500,000 users across 130 countries and available in 16 different languages.

While you might not have heard of us (yet), over 36,000 accounting and audit professionals list Caseware as a skill on their LinkedIn profiles!

As an Application Security Engineer at CaseWare, you’ll work with a team of security professionals on Secure Development Practices, Security Automation, Secure Software Development Pipelines, Vulnerability Assessments and Penetration Testing. You will be part of an Application Security Engineering team committed to software and services security for dozens of products and services across Desktop, AWS and Azure Cloud environments. There is plenty of opportunity to expand your exposure to technologies and security practices in many areas of personal interest. We’re looking for the right individuals to help us mature our Application Security posture and cloud platforms.

You’ll be reporting into:
Travis Kay - Director Of Information Security

What you will be doing:
  • Static Application Security Testing (SAST), reviewing security scan results and working closely with development teams to prioritize security vulnerabilities identified using a risk-based approach
  • Performing Dynamic Application Security Testing (DAST) and conducting penetration testing against CaseWare’s applications and services
  • Participate in and support application security reviews and threat modeling for product development.
  • Support and consult with product and development teams on application security and industry best practices.
  • Develop programs and/or scripts for automation tooling, working with architecture, development and operations stakeholders to enhance security tools and coverage in our CI/CD pipelines and deployed services
  • Assist in development of automated security testing tools to validate secure coding best practices, and enforce security policy and standards
  • Research, identify, administer and support application security analysis tools
  • Integrate security tools, standards, and processes into the software development life cycle (SDLC), including participating in DevOps / DevSecOps
  • Lead application security framework and security technology improvement projects, and be a champion for software security within the organization
  • Perform other application security or product security related activities or tasks as needed or directed

What you will be doing in the first 6-12 months:
  • Come up to speed on team operations
  • Understand build pipelines in GitHub and security tooling: Dependabot, CodeQL, Anchor, Veracode, CIS controls
  • Participate in Secure Design Reviews
  • Participate in PR reviews for Security Findings
  • Participate in Vulnerability and Penetration Testing
  • Participate in Application Risk Assessments
  • Take full ownership and accountability of accepted projects 
  • Work with Risk and Compliance on evidence collection and possibly automated support
  • Support enhancement of security practices in application engineering within the team
  • Consult and recommend changes for maturity and coverage in our Secure SDLC processes
  • Possibly develop standards, guidelines and produce libraries related to information and application security needs for Authentication, Authorization and Accounting / Logging and Encryption

What you’ll bring:
  • Minimum of 5 years related development and security experience
  • Hands-on experience working with one or more SAST, DAST and IAST tools such as Veracode, Burp Suite, OpenVAS, OWASP ZAP, Nmap, Dependency-Track, GitHub Advanced Security or similar tools
  • Candidates should have good verbal and written communication skills
  • Be a responsible, self-directed team player
  • An ability to mentor team members on soft and technical skills
  • Be able to think both offensively (like a hacker) and defensively (evaluating product security and software security architecture)
  • Show professionalism and proficiency in all aspects of Software Development and Software Security 
  • Solid development skills in at least one supported programming language, and willingness to learn others: Java, C#, Go, Python, Ruby, JS/TypeScript
  • Positive attitude and authentic tendency toward cooperation and teamwork
  • You can demonstrate experience in application security concepts such as secure coding, design or development and industry application security standards and best practices
  • Willingness to develop strong relationships across various security and development and architecture teams. Focus on bringing about positive results, identify and communicate requirements effectively

Nice to have:
  • Experience with GitHub Advanced Security
  • AWS or Azure related certifications 
  • Security related certifications
  • Familiarity with a variety of development and testing tools, including IntelliJ, Git, Jira, Confluence, Maven, New Relic, Jenkins, Cypress and Docker, is highly desirable and preferred

About Caseware

Caseware's cutting-edge software products are meticulously designed for accounting firms, corporations, and governments. Our teams are continually collaborating, innovating, and building upon our existing suite of products. With a customer-focused mindset, we are building technology that is shaping what the future of audits, financial reporting, and financial data analytics will look like.

With a recent strategic investment from Hg Capital in 2020, CaseWare is now in its next major growth phase as we double down on the people and products that have made CaseWare so successful to date.

One of Caseware's core values is Many Voices, One Team and with that in mind, we're dedicated to building teams as diverse as our customers in an equitable and inclusive way. We welcome and encourage candidates of all backgrounds to apply. Should you require accommodations or have any questions at any point during the application or interview process, please e-mail our People Operations team at careers@caseware.com.

Any candidates successful in obtaining an offer for a position will need to successfully complete a background check through Certn.co which typically includes an Identity Verification and Criminal Record Check. Executives and Senior Managers will undergo a Soft Credit Check as well.
