Application Security Engineer
About The Position
Compete is building the world's best and most comprehensive benchmarking platform to ensure employers have all the data they need to recruit and retain top talent so they can win the talent war. Founded in August 2020 - and already transforming the market - Compete is trusted by hundreds of leading tech companies including IronSource, Appsflyer, Fiverr, Lemonade, Riskified, Outbrain, Capsule and Gong.
As an Application Security Engineer at Compete, you will be on the front lines of Compete’s protection, responding to threats, discovering vulnerabilities and attacks against our products.
In this position You will lead Compete’s application security program side-by-side with our talented developers, product managers and platform teams. You will design, build, test and implement security systems as well as contribute to other security domains and initiatives such as Security Operations, Incident Response, Cybersecurity Monitoring and Risk Management.
What you’ll do
- Develop and execute a vision of application security that aligns with the overall business strategy at Compete
- Design, build and implement best in class application security solutions
- Help maintain existing security tools and systems
- Act as a liaison between Product Management (PM) and Development (Dev) teams to ensure the business requirements from PMs are converted into secured specifications that can be implemented by the Dev team
- Ensure the implementation of Security and Privacy By Design as well as S-SDLC concepts across all features and products
- Lead a culture of security across the organization
- Lead and promote security audits, vulnerability assessments, penetration tests, Bug Bounty program and code reviews
- Train, educate (and learn from) the development team
- Respond to application security incidents and investigations
What you need
- Proven history of *legally* breaking stuff
- Proven knowledge in programming (preferred- Go, Python)
- History of designing, developing, or customizing application security solutions
- Understanding of the OWASP Top 10 application security risks and how to address them
- Core understanding of web application security scanning software and related penetration testing tools
- “A” player and a team player
- Strong organizational skills and excellent attention to details
- Ability to effectively prioritize and execute tasks
- Self-driven self-taught
- Excellent English
Nice to have
- Hands-on experience with encryption, hashing, secure random number generation, authentication, authorization, session management, key derivation, key management, etc.
- Strong working knowledge of CI/CD and development pipeline technologies
- Knowledge of microservice architecture, web technologies and APIs
- Understanding of cloud architecture (AWS)
- General knowledge of core security networking concepts like TLS, SSH, DNS, Firewalls etc.
- General understanding of regulatory compliance and how it relates to application security and privacy
- Good presentation skills: Ability to articulate technically advanced issues to all audiences; Ability to mentor and train internal staff
Our commitment to you
- And eat well...