Are OWASP, MITRE, and CVEs top of mind for you? Do you enjoy educating others about secure coding practices and shifting security left? If you have experience securing large cloud-native user-facing platforms, we're looking for you.
Honest is growing our engineering team and we're looking to bring on board our first Security Engineer. As the first team member dedicated to security, you'll have the opportunity to make sure security is at the core of our thinking and our platform. You will set and enforce security practices and standards across our organization.
How you will make an impact:
Play a lead role in developing and designing application-level security controls and standards
Perform application security design reviews against new products and services
Track and prioritize all security issues, and develop and implement an incident response plan
Build or buy security tools that help fix security problems at scale
Perform code review and drive remediation of discovered issues
Enable automated security testing at scale to measure vulnerability, and report on risk across all services and applications, internal and external
What you need to have:
Strong foundations in software engineering in a cloud-native context
Experience or working knowledge of modern development, test, and deployment models
Expertise in the application security domain and architecture design
Understanding of application security in the context of the SDLC and CI/CD
In-depth knowledge of common web application vulnerabilities (e.g. OWASP Top 10)
Understanding of OWASP MASVS and ASVS or other relevant standards (we value effectiveness over abbreviations!)
Working knowledge of exploiting and fixing application vulnerabilities
Proficiency in one or more programming languages such as Python, Go, Node.js, etc.
Familiarity with industry standard secure design models
What makes you stand out:
Strong background in threat modeling, experience with red/blue/purple teaming