Staff Application Security Engineer (Remote in Scotland)

Posted 2 months ago

💎 Seniority level: Staff, 8+ years

📍 Location: Scotland

🔍 Industry: IT systems and security management

🏢 Company: Ivanti 👥 1001-5000 💰 Private almost 4 years ago; IT Infrastructure, IT Management, Software

🗣️ Languages: English

⏳ Experience: 8+ years

🪄 Skills: AWS, Docker, Python, GCP, Kubernetes, LDAP, OAuth, Azure, Communication Skills, CI/CD, Written communication, Documentation, Microservices

Requirements:
  • 8+ years of experience in web application security roles.
  • Deep technical understanding of both common and uncommon security vulnerabilities.
  • Passion and self-drive for researching vulnerabilities and latest exploitation techniques.
  • Ability to discover and exploit security vulnerabilities, providing practical remediation advice.
  • Practical knowledge of applied cryptography and attacks against cryptographic algorithms (encryption at rest, TLS, hashing, etc.).
  • Ability to clearly explain vulnerabilities to stakeholders with varying security and technical backgrounds.
  • Experience in performing Threat Modeling and providing actionable advice.
  • High level of experience in scoring security vulnerability severities through CVSS.
  • Good understanding of SSDLC and CI/CD pipeline tools.
  • Experience with SAST, SCA, DAST, container scanning, and penetration tests.
  • Experience providing secure coding education to developers.
  • Proficiency in at least one programming language (preferably Python).
  • Ability to perform internal penetration tests and coordinate with third-party vendors.
  • Experience with programs like Responsible Disclosure, Bug Bounty, or Vulnerability Disclosure Program.
Responsibilities:
  • Develop both broad and deep technical understanding of Ivanti products, services, and architectures.
  • Conduct security assessments such as threat modeling, secure architecture, code reviews, and penetration tests on web and mobile applications and services.
  • Interpret security vulnerability reports for stakeholders, providing advice on vulnerability prioritization, remediation, and mitigation.
  • Closely coordinate with all stakeholders to embed security into all phases of SDLC.
  • Create and maintain documentation for security processes.
  • Deliver accurate metrics to stakeholders and business leaders in a clear and concise manner.
  • Maintain high proficiency in relevant security topics (latest vulnerabilities, TTPs, exploits, etc.).
  • Create and deliver security education across the organization.
  • Develop innovative and scalable tools, solutions, and processes to enhance product security operations.
  • Support accurate implementation of security tooling to maximize its effectiveness, and interpret its results for relevant stakeholders.