166 Application Security jobs in South Africa

Application Security Engineer

Cape Town, Western Cape DigiCert

Posted 13 days ago

Job Description

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As an Application Security Engineer within our cybersecurity team, you will help safeguard the company’s web applications and services by supporting the integration of security practices into the Software Development Life Cycle (SDLC). You will collaborate with development, DevOps, and security teams to identify, assess, and remediate vulnerabilities, contribute to secure coding practices, and assist in implementing DevSecOps tooling and processes. This role is ideal for someone with a strong technical foundation who is eager to grow within the product/application security space.

What you will do

  • Support the integration of security controls and best practices across various phases of the SDLC.
  • Assist in security assessments, including static and dynamic code analysis, open-source dependency analysis, and limited penetration testing.
  • Participate in manual and automated code reviews to identify potential vulnerabilities and coding flaws.
  • Collaborate with software engineers to promote secure development practices, including the use of security testing tools in CI/CD pipelines.
  • Contribute to the evaluation, deployment, and tuning of DevSecOps tools such as SAST, DAST, and SCA platforms.
  • Help maintain secure deployment workflows and support security automation efforts.
  • Participate in cross-functional security reviews of new features and systems with guidance from senior engineers.
  • Stay up to date on current security threats, vulnerabilities, and best practices in application security.
  • Assist with triaging vulnerabilities from internal scans, bug bounty submissions, or external assessments.
  • Document processes and playbooks to support consistent and scalable security practices.
  • Provide input to the development of internal security standards and reference architectures.
  • Support remediation efforts in collaboration with engineering teams.
  • Participate in promoting a security-first culture across the organization.
  • Other duties and responsibilities as assigned.

What you will have

  • Bachelor’s degree in computer science, cybersecurity, or a related technical field (essential)
  • 4+ years of experience in cybersecurity, software engineering, or DevOps, with at least 1–2 years focused on application or product security (strongly preferred).
  • Familiarity with DevSecOps tools (SAST, DAST, SCA) and secure SDLC methodologies (essential)
  • Solid understanding of common web application vulnerabilities (e.g., OWASP Top 10, CWE) and remediation strategies.
  • Experience with programming/scripting languages such as Python, JavaScript, or Java.
  • Ability to analyze code and spot security issues with guidance.
  • Strong communication and collaboration skills.
  • Strong attention to detail and willingness to learn new technologies.

Nice to have

  • Hands-on experience with CI/CD pipelines (e.g., GitHub Actions, GitLab CI, Jenkins).
  • Experience contributing to or managing a bug bounty triage process.
  • Exposure to cloud platforms such as AWS, Azure, or GCP.
  • Familiarity with security standards and frameworks such as NIST, OWASP SAMM, ISO 27001, or PCI DSS.
  • Experience working in a regulated environment (e.g., financial services, healthcare, or government).
  • Professional certifications such as Security+, CEH, eJPT, or equivalent (OSCP or similar preferred but not required).

Benefits

  • Provident Fund
  • Medical Aid + Gap Cover
  • Employee Assistance Program
  • Gym Reimbursement
  • Life Insurance
  • Disability Insurance
  • Sabbatical

Application security engineer

Cape Town, Western Cape DigiCert

Posted today

permanent

Application Security Lead

Johannesburg, Gauteng R2R Consultants LLP

Posted 13 days ago

This range is provided by R2R Consultants LLP. Your actual pay will be based on your skills and experience — talk with your recruiter to learn more.

Base pay range

ZAR660,000.00/yr - ZAR960,000.00/yr

Job Description

The Lead Application Security position is responsible for providing technical leadership in securing software applications across the organization. This role involves implementing security policies, conducting security assessments, and working closely with development teams to ensure applications are designed and maintained with robust security measures. The Lead Application Security works with development teams to integrate security best practices throughout the software development lifecycle, helping to mitigate risks and protect organizational data and systems.

Certification Must Have

CISSP, CSSLP, GWAPT, OSCP, CKS, Cloud Security certifications (AWS Security, Azure Security, or GCP Security) preferred.

The Role Key Accountabilities

  • Lead the technical implementation of application security initiatives, ensuring alignment with organizational security strategy.
  • Design and implement security controls throughout the software development lifecycle (SDLC).
  • Conduct detailed threat modeling and risk assessments for critical applications.
  • Perform advanced code reviews, penetration testing, and vulnerability assessments.
  • Lead the remediation of security vulnerabilities and track resolution progress.
  • Deliver application security training and mentor junior team members.
  • Monitor emerging threats and vulnerabilities, recommending appropriate security measures.
  • Collaborate with development and operations teams to embed security in the SDLC.
  • Provide technical guidance and mentorship to application security team members.
  • Implement and maintain container security policies and best practices.
  • Assess and enhance security measures for containerized applications.
  • Review and secure cloud-native application architectures.
  • Security Testing: Advanced experience with SAST, DAST, and IAST methodologies.
  • DevSecOps: Experience integrating security into CI/CD pipelines.
  • Security Frameworks: In-depth knowledge of OWASP, NIST, and ISO 27001.

Ideal Profile

  • You have at least 6 years' experience, ideally within an IT Security role.
  • You have good interpersonal and communication skills and are adept at working with multiple stakeholders to drive desired outcomes.
  • You have working knowledge of security testing, SAST, OWASP, ISO 27001, and CI/CD.
  • You are a strong networker & relationship builder.
  • You possess strong analytical skills and are comfortable dealing with numerical data.
  • You are a strong team player who can manage multiple stakeholders.

What's on Offer?

  • Leadership Role
  • Excellent career development opportunities

Seniority level

  • Mid-Senior level

Employment type

  • Full-time

Job function

  • Information Technology

Industries

  • Information Services and Software Development

Application security lead

Johannesburg, Gauteng R2R Consultants LLP

Posted today

permanent

Senior Application Security Engineer

DigiCert

Posted 5 days ago

Job Description

workfromhome

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

This is a remote position.

What you will do

  • Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
  • Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
  • Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
  • Perform and coordinate manual and automated code reviews.
  • Lead threat modeling exercises across engineering teams.
  • Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
  • Contribute to internal security tooling development or integration.
  • Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
  • Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
  • Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
  • Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
  • Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
  • Assist with managing the bug bounty program.
  • Develop program documentation to promote operational stability and scalability.
  • Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
  • Support governance and compliance teams on secure engineering practices for aligning security policies related to the SDLC.
  • Drive and support security-identified remediation efforts.
  • Foster and promote a security-forward culture.
  • Mentor junior team members.
  • Other duties and responsibilities, as assigned.

What you will have

  • Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.
  • Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
  • 5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.
  • Experience with red team implementation and methodologies.
  • Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
  • Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
  • Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell
  • Excellent communication skills with the ability to engage technical and non-technical stakeholders.
  • Strong analytical and problem-solving abilities, with a meticulous attention to detail.
  • Advanced level of knowledge of Information Security design concepts and principles

Nice to have

  • Master's degree in a technical discipline
  • Experience working in highly regulated environments.
  • Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
  • Certified Information Systems Auditor (CISA)
  • AWS Solutions Architect

Benefits

  • Provident Fund
  • Medical Aid + Gap Cover
  • Employee Assistance Program
  • Gym Reimbursement
  • Life Insurance
  • Disability Insurance
  • Sabbatical

Senior Application Security Engineer

Cape Town, Western Cape DigiCert

Posted 13 days ago

Job Description

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

What you will do

  • Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
  • Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
  • Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
  • Perform and coordinate manual and automated code reviews.
  • Lead threat modeling exercises across engineering teams.
  • Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
  • Contribute to internal security tooling development or integration.
  • Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
  • Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
  • Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
  • Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
  • Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
  • Assist with managing the bug bounty program.
  • Develop program documentation to promote operational stability and scalability.
  • Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
  • Support governance and compliance teams on secure engineering practices for aligning security policies related to the SDLC.
  • Drive and support security-identified remediation efforts.
  • Foster and promote a security-forward culture.
  • Mentor junior team members.
  • Other duties and responsibilities, as assigned.

What you will have

  • Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.
  • Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
  • 5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.
  • Experience with red team implementation and methodologies.
  • Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
  • Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
  • Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell
  • Excellent communication skills with the ability to engage technical and non-technical stakeholders.
  • Strong analytical and problem-solving abilities, with a meticulous attention to detail.
  • Advanced level of knowledge of Information Security design concepts and principles

Nice to have

  • Master's degree in a technical discipline
  • Experience working in highly regulated environments.
  • Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
  • Certified Information Systems Auditor (CISA)
  • AWS Solutions Architect

Benefits

  • Provident Fund
  • Medical Aid + Gap Cover
  • Employee Assistance Program
  • Gym Reimbursement
  • Life Insurance
  • Disability Insurance
  • Sabbatical

Senior Application Security Engineer

Gauteng, Gauteng DigiCert

Posted 13 days ago

Job Description

workfromhome

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

This is a remote position.

What you will do

  • Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
  • Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
  • Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
  • Perform and coordinate manual and automated code reviews.
  • Lead threat modeling exercises across engineering teams.
  • Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
  • Contribute to internal security tooling development or integration.
  • Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
  • Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
  • Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
  • Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
  • Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
  • Assist with managing the bug bounty program.
  • Develop program documentation to promote operational stability and scalability.
  • Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
  • Support governance and compliance teams on secure engineering practices for aligning security policies related to the SDLC.
  • Drive and support security-identified remediation efforts.
  • Foster and promote a security-forward culture.
  • Mentor junior team members.
  • Other duties and responsibilities, as assigned.

What you will have

  • Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.
  • Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
  • 5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.
  • Experience with red team implementation and methodologies.
  • Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
  • Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
  • Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, and PowerShell.
  • Excellent communication skills with the ability to engage technical and non-technical stakeholders.
  • Strong analytical and problem-solving abilities, with meticulous attention to detail.
  • Advanced level of knowledge of Information Security design concepts and principles.

Nice to have

  • Master's degree in a technical discipline
  • Experience working in highly regulated environments.
  • Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
  • Certified Information Systems Auditor (CISA)
  • AWS Solutions Architect

Benefits

  • Provident Fund
  • Medical Aid + Gap Cover
  • Employee Assistance Program
  • Gym Reimbursement
  • Life Insurance
  • Disability Insurance
  • Sabbatical


Senior Application Security Engineer

Gauteng, Gauteng DigiCert

Posted 13 days ago

Job Description

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

This is a remote position.

What you will do

  • Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
  • Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
  • Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
  • Perform and coordinate manual and automated code reviews.
  • Lead threat modeling exercises across engineering teams.
  • Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
  • Contribute to internal security tooling development or integration.
  • Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
  • Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
  • Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
  • Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
  • Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
  • Assist with managing the bug bounty program.
  • Develop program documentation to promote operational stability and scalability.
  • Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
  • Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC.
  • Drive and support remediation efforts for identified security issues.
  • Foster and promote a security-forward culture.
  • Mentor junior team members.
  • Other duties and responsibilities, as assigned.

What you will have

  • Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.
  • Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
  • 5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.
  • Experience with red team implementation and methodologies.
  • Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
  • Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
  • Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, and PowerShell.
  • Excellent communication skills with the ability to engage technical and non-technical stakeholders.
  • Strong analytical and problem-solving abilities, with meticulous attention to detail.
  • Advanced level of knowledge of Information Security design concepts and principles.

Nice to have

  • Master's degree in a technical discipline
  • Experience working in highly regulated environments.
  • Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
  • Certified Information Systems Auditor (CISA)
  • AWS Solutions Architect

Benefits

  • Provident Fund
  • Medical Aid + Gap Cover
  • Employee Assistance Program
  • Gym Reimbursement
  • Life Insurance
  • Disability Insurance
  • Sabbatical


Senior Application Security Engineer

Eastern Cape, Eastern Cape DigiCert

Posted 13 days ago

Job Description

Who we are

We're a leading, global security authority that's disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world's largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to the little things like surgically embedded pacemakers. We help companies put trust - an abstract idea - to work. That's digital trust for the real world.

Job summary

As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.

This is a remote position.

What you will do

  • Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
  • Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
  • Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
  • Perform and coordinate manual and automated code reviews.
  • Lead threat modeling exercises across engineering teams.
  • Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
  • Contribute to internal security tooling development or integration.
  • Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
  • Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
  • Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.
  • Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
  • Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
  • Assist with managing the bug bounty program.
  • Develop program documentation to promote operational stability and scalability.
  • Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.
  • Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC.
  • Drive and support remediation efforts for identified security issues.
  • Foster and promote a security-forward culture.
  • Mentor junior team members.
  • Other duties and responsibilities, as assigned.

What you will have

  • Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.
  • Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
  • 5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.
  • Experience with red team implementation and methodologies.
  • Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.
  • Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
  • Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, and PowerShell.
  • Excellent communication skills with the ability to engage technical and non-technical stakeholders.
  • Strong analytical and problem-solving abilities, with meticulous attention to detail.
  • Advanced level of knowledge of Information Security design concepts and principles.

Nice to have

  • Master's degree in a technical discipline
  • Experience working in highly regulated environments.
  • Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)
  • Certified Information Systems Auditor (CISA)
  • AWS Solutions Architect

Benefits

  • Provident Fund
  • Medical Aid + Gap Cover
  • Employee Assistance Program
  • Gym Reimbursement
  • Life Insurance
  • Disability Insurance
  • Sabbatical
