Staff Application Security Engineer (Remote in Scotland)

Staff Application Security Engineer (Remote in Scotland)

Salary not available. View on company website.

Ivanti, Dundee

  • Full time
  • Temporary
  • Remote working

Posted 1 week ago, 19 Jan | Get your application in now before you're too late!

Closing date: Closing date not specified

job Ref: 3f0715662635410dbccf4bdc723a0382

Full Job Description

The Staff Application Security Engineer at Ivanti is a key role responsible for conducting security assessments and developing a deep understanding of Ivanti products and services. This includes threat modeling, code reviews, and penetration tests. A top candidate would be passionate about security, have extensive experience in web application security, and possess a deep technical understanding of security vulnerabilities and defense techniques. They would have excellent communication skills, the ability to educate and coordinate with stakeholders, and a desire to make a difference by enhancing product security operations. Working at Ivanti offers competitive salary, benefits, flexible hours, and the opportunity to be part of a globally recognized leader in IT systems and security management. Ivanti's Security Department is responsible for implementing and maintaining organization-wide information security policies, standards, guidelines, and procedures. The security team works collaboratively with other business units to document business requirements, then solves for those requirements through a variety of aligned platforms which make up our enterprise architecture. The teams ultimate goal is to keep Ivanti, our data, our customers and employees safe.,

  • Develop both broad and deep technical understanding of Ivanti products, services and architectures
  • Conduct security assessments such as threat modeling, secure architecture, code reviews and penetration tests on web and mobile applications and services
  • Interpret security vulnerability reports to stakeholders, providing advice on vulnerability prioritization, remediation and mitigation
  • Closely coordinate with all stakeholders to bake in security into all phases of SDLC
  • Create and maintain documentation for security processes
  • Deliver accurate metrics to stakeholders and business leaders in a clear and concise manner
  • Maintain high proficiency in relevant security topics (latest vulnerabilities, TTPs, exploits, etc.)
  • Create and deliver security education across the organization
  • Develop innovative and scalable tools, solutions and processes to enhance product security operations
  • Support accurate security tooling implementation to maximize their effectiveness and interpret their results to relevant stakeholders

    8+ years of experience in web application security roles
  • Deep technical understanding of both common and uncommon security vulnerabilities
  • Passion and self-drive for researching vulnerabilities and latest exploitation techniques
  • Ability to discover and exploit security vulnerabilities as well as to give practical and applicable remediation advice
  • Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
  • Ability to explain vulnerabilities in a precise, concise and easy to understand manner to stakeholders of varying security and technical backgrounds
  • Ability to work in a self-directed environment that is highly collaborative and cross functional
  • Experience in performing Threat Modeling and providing actionable advice from its results
  • High level of experience in scoring security vulnerability severities through CVSS
  • Good understanding of SSDLC as well as development and integration tools and technologies uses as part of CI/CD pipelines
  • Experience implementing, running and maintaining tools and processes to reliably identify security issues across large code bases (SAST, SCA, DAST, container scanning, penetration tests, etc.)
  • Experience providing secure coding education to developers
  • Experience with at least one programming language (preferrable Python) Ability to performing internal penetration tests as well as coordinating penetration tests executed by third party vendors
  • Ability to triage and reproduce security vulnerabilities from varying internal and external reporting sources
  • Experience in programs such as Responsible Disclosure, Bug Bounty or Vulnerability Disclosure Program
  • Who you are
  • Quick learner with high level of curiousity. You are confident in picking up new technologies and pivoting when the situation requires it. Fast paced environment makes you thrive.
  • Critical thinker with expert troubleshooting skills. For you, difficult problems exist so that they can be unpacked and repacked in a nicer layout. You provide practical and creative solutions for complex issues.
  • Passionate for security. You genuinely care about making software products and the world a more secure place.
  • You are an ideal candidate if you
  • Want to make a difference
  • Have high experience in web application, database and infrastructure security topics
  • Have high technical knowledge on security vulnerabilities, defense techniques and security best practices
  • Can easily explain complex topics
  • Have excelent verbal and written communication skills
  • Enjoy working cross teams and being a valuable resource to other engineers
  • Have experience in authentication and authorization standards and protocols (SAML, Oauth, LDAP, AD, etc.)
  • Know how to go beyond generic security vulnerability remediation advice
  • Can read and write code with ease
  • Love to learn about latest security topics even in your free time
  • Have good understanding of one or more major cloud providers (Azure, AWS, GCP)
  • Know how to educate others on security topics
  • Have previous experience in securing SaaS applications and cloud environments at scale
  • Understand in depth CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and Microservices
  • Know how to coordinate external vulnerability reporting
  • Have B.S. Computer Science or similar combination of education and experience

    Ivanti is a global leader in IT systems and security management, service management, asset management, and mobility management solutions, and is experiencing significant growth worldwide. The company has received numerous awards for being a Top Place to Work. With open positions around the globe, it's an exciting time to join Ivanti! Competitive salary and benefits and flexible hours. Ivanti is a great place to work.
  • If you're passionate about what you do and are interested in developing solutions that make a difference and in having fun while doing it, Ivanti is the place for you!

  • Facebook
  • Twitter
  • Instagram
  • TikTok
  • Linkedin
  • Email

About this company

Get new jobs for this search by email

Similar jobs for you

Site Engineer

£35k - 40k per year + plus benefits

CONTRACT SCOTLAND LIMITED,

  • Full time
  • Permanent

Fast Apply Available

(Apply in seconds when you have a CV uploaded)
Posted 1 weeks ago, 20 Jan