Liquibase is looking to hire an Application Security Engineer to ensure the right security controls are in place for our team. You’ll be an essential member of the Engineering Team, responsible for influencing Engineering to adopt security and privacy by design as well as securing our SDLC, and internal consulting on remediating security vulnerabilities. This role requires an extensive background in security as it relates to platform infrastructure, application security, and other aspects of network/cloud infrastructure security. As a security expert, you will also participate in incident response, drive investigations, and resolve cybersecurity events.

What you’ll do:

• Leading the response for all security breaches to the network and associated systems, including troubleshooting all network and security issues and incidents
• Fostering a culture of security awareness through education and training
• Help train developers, QA, and other engineers to ensure the appropriate level of software security knowledge to perform their responsibilities, including secure coding practices
• Engage in the initial requirements definition for projects the Engineering team is working on, including analysis of threats and risks and ensuring alignment with Liquibase Security, Engineering, and Architecture standards
• Perform security reviews of web applications, enterprise applications, and cloud environments
• Participate in threat modelling and deep design reviews throughout the development lifecycle
• Develop and implement workflows to automate security testing/vulnerability detection for the SDLC including application security tool services like SAST, DAST, IAST & SCA tools
• Identify architectural deficiencies and implement vulnerability mitigation strategies to address them
• Build, operate, maintain, and enhance our Security information and event management (SIEM) platform
• Help define approaches to API security
• Think like an attacker to expose vulnerabilities and solve complex problems
• Help conduct pen testing on our platform, apps, and infrastructure
• Support Vendor Management activities to ensure 3rd party software and development meet security standards

Must-haves: 

• 5+ years of experience in software development with experience in security/secure coding
• 2+ years of Java programming experience
• 3+ years of experience with security management of cloud based services (SaaS) in a fast-paced agile environment
• Hands-on experience with AWS Cloud services like EC2, VPC, S3, IAM, CloudWatch, CloudTrail, GuardDuty including experience with AWS cloud security
• Knowledge and understanding of systems and/or network design principles and thorough understanding of security principles and technical architectures
• Proven ability to correlate and analyze log information, packet captures, security alerts, and artifacts
• Experience working with web applications and browser security; security assessments and penetration testing; identity and access control; applied cryptography and security protocols; security information and event monitoring and intrusion detection.
• Thorough knowledge of OWASP vulnerability classes and how they can be exploited 
• Hands-on experience with containers (e.g., Kubernetes, Docker, ECS)
• Experience working with SIEM/dashboarding and log correlation engines (e.g., Grafana, Telegraph, Splunk, etc.)
• SAST, DAST, IAST & SCA tools
• Hands on experience with SAST, DAST, IAST & SCA tools
• Hands-on experience writing software to solve security issues
• Relevant industry certifications (e.g., ISC2, ISACA, SANS/GIAC, CompTIA,CISSP, CISSP-ISSA
• US-based

Bonus points:

• Experience with Security Compliance Audits (SOC 2/ISO27001)
• Working knowledge of OWASP ASVS
• Experience applying the NIST Cybersecurity Framework to an enterprise environment
• Advanced Blue Team (Cyber Defense) and/or Red Team (Penetration Testing) experience

Education:

• BS/MS in Computer Science or equivalent work experience

Perks of life at Liquibase: 

• A fully remote workforce - we will never ask you to go into an office
• Home office allowance
• Meaningful equity
• Comprehensive health, vision and dental benefits
• Flexible time off
• 401K
• No punks, no jerks culture
• Growth opportunities and ability to move up within the company