Staff Application Security Engineer (Remote in Scotland)
Ivanti, Dundee
Staff Application Security Engineer (Remote in Scotland)
Salary not available. View on company website.
Ivanti, Dundee
- Full time
- Temporary
- Remote working
Posted 1 week ago, 19 Jan | Get your application in now before you're too late!
Closing date: Closing date not specified
job Ref: 3f0715662635410dbccf4bdc723a0382
Full Job Description
The Staff Application Security Engineer at Ivanti is a key role responsible for conducting security assessments and developing a deep understanding of Ivanti products and services. This includes threat modeling, code reviews, and penetration tests. A top candidate would be passionate about security, have extensive experience in web application security, and possess a deep technical understanding of security vulnerabilities and defense techniques. They would have excellent communication skills, the ability to educate and coordinate with stakeholders, and a desire to make a difference by enhancing product security operations. Working at Ivanti offers competitive salary, benefits, flexible hours, and the opportunity to be part of a globally recognized leader in IT systems and security management. Ivanti's Security Department is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines, and procedures. The security team works collaboratively with other business units to document business requirements, then solves for those requirements through a variety of aligned platforms which make up our enterprise architecture. The teams ultimate goal is to keep Ivanti, our data, our customers and employees safe.,
- Develop both broad and deep technical understanding of Ivanti products, services and architectures
- Conduct security assessments such as threat modeling, secure architecture, code reviews and penetration tests on web and mobile applications and services
- Interpret security vulnerability reports to stakeholders, providing advice on vulnerability prioritization, remediation and mitigation
- Closely coordinate with all stakeholders to bake in security into all phases of SDLC
- Create and maintain documentation for security processes
- Deliver accurate metrics to stakeholders and business leaders in a clear and concise manner
- Maintain high proficiency in relevant security topics (latest vulnerabilities, TTPs, exploits, etc.)
- Create and deliver security education across the organization
- Develop innovative and scalable tools, solutions and processes to enhance product security operations
- Support accurate security tooling implementation to maximize their effectiveness and interpret their results to relevant stakeholders
8+ years of experience in web application security roles - Deep technical understanding of both common and uncommon security vulnerabilities
- Passion and self-drive for researching vulnerabilities and latest exploitation techniques
- Ability to discover and exploit security vulnerabilities as well as to give practical and applicable remediation advice
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Ability to explain vulnerabilities in a precise, concise and easy to understand manner to stakeholders of varying security and technical backgrounds
- Ability to work in a self-directed environment that is highly collaborative and cross functional
- Experience in performing Threat Modeling and providing actionable advice from its results
- High level of experience in scoring security vulnerability severities through CVSS
- Good understanding of SSDLC as well as development and integration tools and technologies uses as part of CI/CD pipelines
- Experience implementing, running and maintaining tools and processes to reliably identify security issues across large code bases (SAST, SCA, DAST, container scanning, penetration tests, etc.)
- Experience providing secure coding education to developers
- Experience with at least one programming language (preferrable Python) Ability to performing internal penetration tests as well as coordinating penetration tests executed by third party vendors
- Ability to triage and reproduce security vulnerabilities from varying internal and external reporting sources
- Experience in programs such as Responsible Disclosure, Bug Bounty or Vulnerability Disclosure Program Who you are
- Quick learner with high level of curiousity. You are confident in picking up new technologies and pivoting when the situation requires it. Fast paced environment makes you thrive.
- Critical thinker with expert troubleshooting skills. For you, difficult problems exist so that they can be unpacked and repacked in a nicer layout. You provide practical and creative solutions for complex issues.
- Passionate for security. You genuinely care about making software products and the world a more secure place. You are an ideal candidate if you
- Want to make a difference
- Have high experience in web application, database and infrastructure security topics
- Have high technical knowledge on security vulnerabilities, defense techniques and security best practices
- Can easily explain complex topics
- Have excelent verbal and written communication skills
- Enjoy working cross teams and being a valuable resource to other engineers
- Have experience in authentication and authorization standards and protocols (SAML, Oauth, LDAP, AD, etc.)
- Know how to go beyond generic security vulnerability remediation advice
- Can read and write code with ease
- Love to learn about latest security topics even in your free time
- Have good understanding of one or more major cloud providers (Azure, AWS, GCP)
- Know how to educate others on security topics
- Have previous experience in securing SaaS applications and cloud environments at scale
- Understand in depth CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and Microservices
- Know how to coordinate external vulnerability reporting
- Have B.S. Computer Science or similar combination of education and experience
Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management solutions, and is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work. With open positions around the globe, it's an exciting time to join Ivanti! Competitive salary and benefits and flexible hours. Ivanti is a great place to work. If you're passionate about what you do and are interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!
About this company
Ivanti
View full company profileNone
Relevant jobs
- IT / Telecommunications Jobs in Arbroath, Angus
- IT / Telecommunications Jobs in Brechin, Angus
- IT / Telecommunications Jobs in Carnoustie, Angus
- IT / Telecommunications Jobs in Dundee
- IT / Telecommunications Jobs in Forfar, Angus
- IT / Telecommunications Jobs in Kirriemuir, Angus
- IT / Telecommunications Jobs in Montrose, Angus
Similar jobs for you
Site Engineer
CONTRACT SCOTLAND LIMITED,
- Full time
- Permanent
Fast Apply Available
(Apply in seconds when you have a CV uploaded)