Peloton - Application Security Engineer / 6+ years CIS NIST DISA knowledge [V-860]

31 Aug | Endava | Rosario


Responsibilities

Sr Application Security Engineer

• Work with product, platform and security engineering leadership to interactively improve Peloton's Security Development Lifecycle investments.
• Develop and maintain security policies, standards and best practice documentation to guide engineering partners to build secure systems.
• Perform penetration testing and code reviews of web and mobile applications.
• Evaluate and respond to submissions to the Peloton Coordinated Vulnerability Disclosure (CVD) program.
• Participate in design reviews and threat modeling of web and mobile applications.
• Provide remediation guidance to respective development teams for security-related issues.
• Participate in the development and delivery of security training and outreach across Peloton engineering teams.
• Partner with the Security Automation and Tooling team to identify and implement security tooling to identify security vulnerabilities and risks at scale.

QUALIFICATIONS

• 5+ years of hands-on experience in working with engineering teams on design and implementation of security best practices in architecture and code.
• 3+ years of experience working with product security teams to drive engineering remediations to externally identified threats and vulnerabilities.
• 3+ years of experience working with teams to identify and remediate potential security gaps related to authentication, authorization, network segmentation, encryption, container configuration, bastion host setup, etc.
• Understanding of diverse regulatory standards such as PCI DSS requirements and SOX regulations.
• Experience with performing risk assessments to evaluate system risk and make appropriate recommendations on risk control.
• Technical knowledge of operating system security leveraging configuration standards such as CIS, NIST, and DISA.
• Full-stack knowledge of IT infrastructure, including but not limited to: AWS cloud services, IP networks, applications, databases, operating systems.
• Extensive experience and strong understanding of AWS services and cloud security controls, including but not limited to IAM, KMS, VPC, Security Groups, AWS Inspector, GuardDuty and SCPs.
• Knowledge and hands-on skills with Docker, ECS, Kubernetes, and container security.
• Extensive understanding of MITRE ATT&CK, NIST CSF, CVSS and CWE criteria, enumeration and scoring.
• Extensive experience with embedded software development and architectures, security protocols, applied cryptography and security standards.
• Deep understanding of the TCP/IP protocol stack and major protocols.
• Working knowledge of one or more general purpose programming/script languages including but not limited to: Java, C/C++, C#, Python, JavaScript, PowerShell.
• Excellent relationship building skills across diverse cross-functional teams.

Additional Information

The original posting can be found on Kit Empleo:
https://www.kitempleo.com.ar/empleo/14324749/peloton-application-security-engineer-years-cis-nist-disa-knowledge-v-860-rosario/?utm_source=html
