Application Security Engineer II

Job Requirement• Work closely with the business, support and production teams to provide input and guidance on development of planned remediation plans and strategies to solve identified vulnerabilitie• Drive compliance support and improvements over time through the management, analysis and tracking of vulnerabilities discovered through audits, products or collaborations.

• Perform research and analytics and stay apprised on new security vulnerability, threats, risks, attack tools and techniques to contribute and improve Phenom’s Threat model and collaborate with senior engineering and product management staff to incorporate effective security standards and controls into product design.

• Help in the deployment of Phenom Secure Architecture & Software Development program to support the best cybersecurity development practice, and ensure Phenom ITX Platform is highly secure, resilient and aligned with business and product development strategy.

• Continuously review and identify security improvement opportunities in existing processes, services, and workflows to ensure Phenom ITX platform is robust against current and future cybersecurity threats.

• Support cybersecurity process activities including security requirements definition, threat modelling, code reviews and cyber risk assessment.

• Support on development and maintenance of a “security by default” standard to be used in the development, infrastructure, or any other technology project.

• Deliver training on Security Development Lifecycle to engineering/development teams

• ​​Contribute to the review of internal processes and activities and assist in identifying potential opportunities for improvement and automation.

• Drive continuous improvement activities to define, measure, visualize and improve key cyber security metrics related to Application Security.

• Provide analytic support to answer questions about vulnerabilities, and general threat intelligence trends

Must Have

• Bachelor’s degree or higher in related field

• 3 to 5 years’ hands-on technical expertise as Application Security Engineer

Specialized Knowledge

• Experience with Amazon Web Services cloud environments and its security controls and their corresponding challenges.

• Experience with microservices architectures & distributed Platforms especially in the SaaS businesses

• Experience using Agile software development

• Coding Experience in Scripting & programming languages (such as Terraform, Java, Python, Ruby, etc.)

• Knowledge of information security principles (Confidentiality, Integrity, Availability Authentication & Public Key Infrastructure (PKI), Data Security or Cryptography), and understanding of common exploitation techniques and mitigation.

• Experience implementing, managing, and supporting a vulnerability management program (process and technology).

• Experience and well-known understanding of Dynamic and Static Application Security Testing (DAST & SAST) and infrastructure automation/development utilizing APIs.

• Understanding of the main cybersecurity tools (SIEM, IPS, XDR, etc.) and how they help to protect an application.

• Experience working with Threat modeling (e.g., STRIDE, PASTA, FAIR, Security Cards) and vulnerability frameworks standards (e.g., OWASP, CVSS, CWE) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation.

• Thought leadership, critical thinking, strong organizational skills, report writing skills to senior level, ability to prioritize and multitask

Benefits

Benefits

• We want you to be your best self and to pursue your passions!

• Health and wellness benefits/programs to support holistic employee health

• Flexible hours and working schedules, as well as parental leave for new parents

• Growing organization with career pathing and development opportunities

• Tons of perks and extras in every location for all Phenoms!

Diversity, Equity, & Inclusion

Industries:Computer Software, Information Technology & Services, Mechanical Or Industrial Engineering