Application Security Engineer (m/f)
Ivalua is a leading provider of cloud-based procurement solutions globally.
THE OPPORTUNITY
We're looking for a full-time Application Security Engineer to help us secure Ivalua’s SaaS platform as well as corporate internet-facing applications. This includes enhancing the s-SDLC process in place, deploying and maintaining automated scans, performing offensive security testing on the application layer, orchestrating remediation plans and tracking the vulnerability remediation progress via reports and dashboards. Additionally, the Application Security Engineer will participate in the deployment and continuous improvement of the Secure Architecture & Software Development program for keeping Ivalua’s SaaS platform secure.
WHAT YOU WILL DO WITH US
Maintain application security tooling (SAST, DAST, automated scripts) and perform manual penetration testing on the Ivalua SaaS platform, internet-facing web applications, web services, CI/CD pipeline, WAF filtering rules etc.
Analyze, report, track and retest security vulnerabilities reported through multiple sources (customer, internal and external audits) and provide guidance to fix these in a manner consistent with Ivalua standards
Act as the Security Champion to help/guide engineering / development teams in adopting shift-security-to-left practices such as enforcing security by design principles and performing security reviews during the development and testing phases
Act as the SME on application security and stay apprised of new vulnerabilities, threats, risks, attack tools and techniques
Develop and/or enhance, maintain and deliver a security training program to engineering / development teams and maintain supporting training presentation/secure coding guidelines
Support and help analyze technical security controls from new security standards planned in the Ivalua GRC roadmap (PCI DSS, IRAP, NIST 800-54 r5, FedRAMP, SecNumCloud etc.)
YOUR PROFILE
If you have the experience and strengths below, this role could be for you.
Skills and Experience:
2+ years hands-on technical expertise in Application Security, automation, integration, and deployment (DevSecOps)
3+ years expertise in performing various technical security audits in web applications (DAST deployment, penetration tests, security code reviews)
Coding experience in scripting, programming and query languages (such as Python, C#, .NET, JavaScript, React, SQL)
Experience with the most common security testing tools (BurpSuite, SQLMap etc.)
Experience working with vulnerability frameworks and standards (e.g., OWASP, ASVS, CVSS, CWE) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
Experience using Agile software development
Understanding of global frameworks and standards like NIST 800-53, ISO 27001/27002/27017/27018, SANS CIS 20, PCI DSS etc.
An Offensive Security qualification or evidence of starting to work towards e.g. OSCP, GPEN, GWAPT, Hack-the-Box, root-me or similar is preferred but not required
Ability to handle multiple tasks, prioritize and meet deadlines
WHAT WE CAN DO FOR YOU
An innovative and stimulating work environment
Great training and career development
You will work with a diverse and global team made up of exceptionally passionate, talented and motivated colleagues who are established leaders in their field
Regular social events, team sports or musical activities
We pride ourselves on customer experience, agility, pragmatism, positive attitude and enthusiasm, team play, continuous learning and improvement, and accountability.
Ivalua received the Happy @ work France and Germany 2020.