Principal Application Security Engineer

Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) 10+ years of technical security leadership at a top-tier software company Experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…) Proficiency implementing SDL process, technology, and automation in a DevOps environment Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...) Excellent problem solving, critical thinking, collaboration and communication skills Experience with Cloudflare security, AWS VPCs, EC2 instances and docker Ability to drive good decisions through data with great attention to detail and deliver KPIs Experience driving application security training, security champions and awareness campaigns Active contributor to the security community (research, open source, publications…)

Lead Secure Development Lifecycle assurance processes Drive security automation technologies Lead security hardening strategy across product Respond to current and emerging security threats Drive Product Security strategy Define new security capabilities with development teams Grow the team by hiring talent Partner with senior leaders on company-wide security initiatives Lead cross-functional projects and establish security development lifecycle practices Directed security design reviews and threat modeling Evaluate, prototype, implement, and operate security-focused tools and services (DAST, SAST, SCA) Create new secure architecture standards, frameworks and patterns Discover and analyze emerging security threats Maintain knowledge of current security threats and best practices Drive security assessment, penetration testing and bug bounty programs Participate in security incident response