Stenn are looking for a Senior Application Security Engineer. Could this be you?
You probably want to know what’s involved?
As a Senior Application Security Engineer, you will play a pivotal role in establishing and spearheading our company's appsec program, ensuring the security of our products and services. You will be responsible for conducting comprehensive security assessments, identifying and remediating vulnerabilities, and collaborating with our product and tech teams to integrate security into the development lifecycle. This is an opportunity for you to make a tangible impact on our company's security posture and contribute to the development of secure and reliable products.
We would be looking for you to:
- Establish and manage the appsec program from scratch, defining policies, procedures, and tools to ensure the security of our applications
- Conduct comprehensive system design and architecture reviews, identifying insecure design elements and proposing secure alternatives
- Perform thorough code reviews on critical changes, ensuring adherence to secure coding practices
- Execute rigorous penetration testing (black-box, gray-box, white-box) to uncover vulnerabilities and strengthen our defenses
- Collaborate with product and tech teams to prioritise vulnerabilities, verify fixes, and integrate security into the development process
- Drive the management of both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) findings, ensuring optimized signal-to-noise ratios
How do you know if you are the right candidate?
- You will ideally have 5+ years of experience in application security, with a proven track record of identifying and remediating vulnerabilities
- Strong understanding of secure coding practices, including OWASP Top 10 and SANS 25 Most Critical Software Errors
- Experience with static and dynamic application security testing tools
- Proficiency in penetration testing methodologies, including black-box, gray-box, and white-box testing
- Familiarity with threat modeling techniques such as STRIDE and PASTA
- Proficiency in Microsoft C# code and expertise in Cloud Security are a distinct advantage
- Bachelor's degree in Computer Science, Information Security, or a related field