Application Security Engineer

Description

Scentsy is looking for an Application Security Engineer to identify and assist in remediating security issues within Scentsy software products and services. The ASE will serve as the primary security contact for development teams and promote secure development practices within all phases of the Software Development Lifecycle (SDLC).

Click here to see what we're all about and learn more about us!

What You Will Do:

• Develop, implement, and enhance the Application Security program
• Conduct regular security assessments of enterprise applications in the form of static code analysis, dynamic application scanning, and penetration testing
• Perform code reviews to identify security flaws and suggest appropriate fixes
• Develop mitigation plans and reports around identified vulnerabilities
• Develop and enforce secure coding guidelines
• Develop and deliver application security training within Scentsy
• Apply a deep understanding of application security threats and protection mechanisms to enterprise development projects and solutions
• Provide security consulting and advisory services to enterprise development teams
• Conduct threat modeling on new projects and initiatives
• Serve as the primary consultant for product security
• Develop programs, scripts, or solutions to improve Cybersecurity operations
• Conduct security reviews of 3rd party software solutions, products, and vendors
• Implement solutions based on industry best practices
• Validate and document responses to security findings from third-party penetration testing engagements
• Advocate for security best practices throughout the company
• Promote and grow the Secure Software Development Lifecycle (SSDLC)
• Recommend security enhancements, tools, and process improvements
• Mentor less experienced team members
• Perform all other assigned tasks and requirements as needed.

We're Looking For:

• Bachelor’s degree in Computer Science, Computer Engineering, or related area of study, or equivalent experience
• 3 years of Application Security experience or Enterprise Software Development
• Experience with one or more general-purpose programming languages including but not limited to: Java, C/C , C#, Objective C, Python, JavaScript, or Go
• Experience in Application Security, Cryptography, Network Security, Systems Security, or Malware Analysis
• Offensive Security Web Expert (OSWE), Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), GIAC Penetration Tester (GPEN), GIAC Web Application Penetration Tester (GWAPT) certifications preferred
• Familiarity with the Open Web Application Security Project (OWASP) Top Ten
• Ability to work with multiple technology platforms and application stacks
• Knowledge of security audit processes
• Ability to communicate effectively to a variety of technical and non-technical audiences
• Ability to work collaboratively across all Information Technology teams
• Ability to work accurately, efficiently, and independently on detailed orientated tasks
• Excellent written and oral communication skills
• Ability to think critically, troubleshoot and solve complex problems, and make decisions quickly and independently that impact the company
• Strong organizational, analytical, and interpersonal skills
• Working knowledge of computers and all applicable software including 3rd party Information security solutions
• Ability to develop, oversee, and manage large programs from implementation through to completion

At Scentsy, we’re all about being our authentic selves and embracing our differences, and we’d love to hear from you. We take pride in being an Equal Opportunity employer and celebrate a culture based on simplicity, authenticity, and generosity. So, if you’re excited about this opportunity and think you can bring something awesome to the team, don’t hold back – please apply, and let’s see what we can do together!