Application Security Engineer at Deimos

We are looking for an experienced Application Security Engineer to join our Professional Services team. We are a small and nimble team, working on multiple projects in the Software and Security space. Our clients rely on our technical expertise and ability to deliver value.

What you can expect in this role:

As part of the Software Engineering team, you will participate in the designing and building of secure software solutions across a multitude of domains. You will be responsible for driving security best practices as part of the software development life cycle. Application Security Engineers are responsible for the proactive improvement of the software security posture of both new and existing services. You will report to an Engineering Manager who is on a mission to deliver high-value projects built to the best of our ability

What you will be doing in this role:

• Contribute to incorporating security awareness into the company while guiding and training our ever growing engineering team in security best practices.
• Identify and mitigate application security issues in both frontend and backend services.
• Create scripting tools that can be used internally to automate common security checks.
• Participate in code reviews to assist engineers in identifying and reducing security risks.
• Engage with engineers on cloud managed service integration and secure usage of these products.
• Understand the application lifecycle and the running environment of services in a cloud agnostic environment, and proactively work on securing software being deployed.
• Collaborate with software engineers, site reliability engineers and managers to analyze and propose software security standards, activities, and architecture.
• Write defensive code and set standards for maintaining secure code in various languages and frameworks.
• Be able to respond to production security incidents, and assist the team on root cause analysis and mitigating attacks caused by code vulnerabilities.

What it takes to succeed in this role:

• Proven work experience in software engineering in the security space and/or worked on security initiatives and projects.
• Understanding of security standards, best practices and security knowledge frameworks such as OWASP.
• Familiar with common security controls and security flaws that apply to .NET, Java, Javascript and PHP applications.
• Experience with using and incorporating static code analysis tools into software projects.
• Solid understanding of web technologies and protocols and common API interfaces (REST, GraphQL).
• Good understanding of running applications in a containerised environment using docker.
• Understanding of security practices and controls on browser based applications such as CSP and HSTS.
• Understanding of common authentication technologies such as OAuth2, SAML/SSO, OIDC, JWT, OTP/TOPT.
• Ability to identify and patch SQLi, XSS, CSRF, SSRF, authentication and browser-based vulnerabilities. 
• Kubernetes experience is advantageous.

The ideal candidate has:

• Ability to learn new technologies quickly.
• Excellent problem-solving and communication skills.
• Critical thinking.
• Solid dependable team player.
• Exceptional customer service skills.
• Great communication skills. 
• Enjoys solving many problems per day.