Application Security Developer / Engineer
We are creating a best-in-class compliance program that will allow us to be PCI and SOC2 compliant. With this initiative we need a pragmatic ApplicationSecurity Developer/Engineer who can help shape our DevSecOps/vulnerability management program. The successful candidate will be part of a collaborative team that employs simple, but impactful and iterative solutions that keeps the customer and employee experience top of mind. They will be an adept developer familiar with the latest security threats and tools and will know how to leverage them to protect atVenu’s business operations.
- Accelerate the development and implementation of a sustainable DevSecOps/ vulnerability management program that is PCI and SOC2 compliant.
- Participate in vulnerability assessments, security audits, penetration tests and resolution of any findings.
- Complete security code reviews with the use of scanning tools and manual inspection.
- Support incident response and architecture review processes when application security expertise is required.
- Integrate threat modeling practices into the product development life cycle.
- Review/analyze security logs/reports from a variety of sources; propose/implement recommendations for improvement.
- Conduct realtime tactical management of security events in collaboration with compliance and engineering.
- Create and execute phishing campaigns inclusive of ongoing review/analysis/risk prioritization of authentic phishing emails.
- Produce incident reports, technical briefs and metrics to demonstrate the performance of programs against requirements.
- SupportVendor Management activities to ensure security standards are adhered to.
- Developer background with 5+ years’ experience in information security.
- Experience with agile development processes and the integration of secure development practices.
- Experienced in the use of various development and testing tools with strong knowledge of networking security.
- Experience and/or knowledge of enterprise server platforms, virtualized technology and cloud operations.
- Experience and knowledge of application lifecycle management (AWS DevOps, Jenkins, Git+Github etc.).
- Expertise in employing analytics/threat intelligence techniques, incident response process and software security.
- Excellent communicator capable of explaining vulnerabilities and weaknesses and discussing effective defensive techniques to technical/non-technical team members.
Nice To Have:
Programming experience in:
- Calgary, AB and/or remote
What we offer:
- A high trust work environment: we inherently believe people want to do what’s right for themselves and the company they are part of.
- Flexible time off: this goes with our high trust work environment. While there is flexibility in taking time off, it still requires the advance approval of your supervisor.
- Competitive health benefits paid for by atVenu.
- Options and a curiosity and event allowance.
- 401K matching.