Description

 SparkCognition catalyzes sustainable growth for our clients throughout the world with proven artificial intelligence (AI) systems, award-winning machine learning technology, and a multinational team of AI thought leaders. Our clients are trusted with advancing lives, infrastructure, sustainability, and financial systems across the globe. They partner with SparkCognition to understand their industry’s most pressing challenges, analyze complex data, empower decision-making, and transform human and industrial productivity with scalable AI solutions to solve the problems that matter most. With our leading-edge artificial intelligence products and solutions, our clients can adapt to a rapidly changing digital landscape, accelerate their business strategies, and reduce environmental impact creating a better, smarter, and more sustainable world.

We are looking for an Application Security Engineer to help take our Security team to the next level.  A successful candidate in this role will possess a strong technical understanding of application security/secure development concepts and can work with software and DevOps Engineers, Architects, and engineering and product managers across multiple domains to help measure, improve, and ensure the security of our software.

If you were working for us today, you would be:

• Working closely with engineers, data scientists, product owners, and members of the security team to ensure and enable secure design, development, implementation, and monitoring of web applications and APIs in accordance with information security policy and associated compliance controls
• Leading teams through threat modeling exercises
• Participating in code reviews, ensuring security best practices are in place
• Conducting technical Root Cause Analysis on vulnerabilities and helping to identify areas for further research, education, or testing
• Collaborating with the Security and Engineering teams to set up and automate SAST, DAST, and SCA tools across multiple projects
• Engaging with the Security and Engineering teams to analyze, prioritize, and provide remediation guidance for code analysis results
• Evaluating and documenting risk and impact of vulnerabilities
• Educating and evangelizing to engineers and managers secure development best practices, common pitfalls, and the Security Development Lifecycle (SDL) process
• Assist cross-functional teams efforts to embed logging, monitoring, and auditing in applications
• Prioritizing and validating urgency of mitigation of identified product vulnerabilities and security feature enhancement requests

You would be a great fit for our team if you have:

• Experience as an Application Security Engineer (1+ yrs) or Software Engineer (3+ yrs)
• Experience working with development teams in a Secure Development Lifecycle to build secure solutions
• Experience breaking down complex systems and applications to find flaws
• Proficiency in reading, writing, and auditing Python, JavaScript, Scala, or C# and the ability to pick up new languages/technologies
• An understanding of secure system design in both cloud and conventional environments
• Strong familiarity with common vulnerabilities and attack vectors and experience implementing mitigations
• Knowledge of web service technologies and RESTful APIs
• Excellent written and verbal communication skills, interpersonal and collaborative skills
• Strong problem-solving skills and are proactive about getting things done
• An understanding of/experience with encryption technologies (SSH, SSL, TLS, etc.) and common authentication and authorization protocols (OAuth2, OIDC, RBAC, ABAC)
• A strong understanding of microservices-based architectures

Some additional skills that would make you stand out:

• Experience with SAST, DAST, SCA tools
• Experience with manual pen testing
• Experience with DevOps and automation security
• Experience designing or building a microservices-based architecture
• Experience with container security
• Experience with Kubernetes