Lead Application Security Engineer
Job Description
Aera Technology, a Decision Intelligence company headquartered in Mountain View, California, is seeking a Lead Application Security Engineer to join their team. This role combines software development expertise with security specialization, focusing on building and maintaining robust application security programs.
The position requires leading the implementation of security measures to prevent OWASP Top 10 attacks, developing secure development practices, and managing penetration testing initiatives. You'll be responsible for integrating security tools into CI/CD pipelines, conducting threat modeling, and working closely with development and infrastructure teams to ensure security best practices are followed.
As an ideal candidate, you'll bring 5+ years of software development experience, combined with specialized security expertise including 3+ years in penetration testing and 4+ years working with security tools like SCA, SAST, and DAST. Your technical knowledge should span cloud environments, containerization, and infrastructure as code, while maintaining strong communication skills to effectively collaborate with development teams.
The role offers an opportunity to work with a growing company that's making significant impacts in decision intelligence, serving some of the world's best-known brands. You'll be part of a global team with offices across multiple countries, enjoying competitive benefits including medical insurance, equity options, and professional development opportunities. The hybrid work environment allows for flexibility while maintaining collaborative opportunities with the team.
Responsibilities For Lead Application Security Engineer
- Lead the application security program through tools and technologies to prevent OWASP Top 10 type of attacks
- Build Secure Development program including secure development training and testing
- Oversee penetration tests and remediation plans
- Work with field teams to understand data ingest and identify risks with new types of data
- Build SCA and SAST tools in CI pipeline
- Lead application security processes including managing security tools in CI/CD pipelines
- Work with development teams to promote best application security practices
- Work with infrastructure and DevOps teams to ensure security standards implementation
- Contribute to bug bounty triage and remediation processes
- Certify the security of each deliverable
Requirements For Lead Application Security Engineer
- 5+ years of Software Development experience
- 3+ years of pen testing or bug bounty experience
- 4+ years working with SCA, SAST, and DAST tools and building remediations
- Expert in the OSI model and the security controls at each level
- Expert in OWASP top 10 attacks, remediations, and controls
- Must be able to communicate and prioritize security findings with developers
- Bachelor's degree in computer science, Information Technology, or related technical area
- 3+ years of experience in cloud environments
- Proficient in Bash, Powershell or other scripting languages
- Proficient with container technologies (Docker), orchestration (Kubernetes) and infrastructure as code (Terraform)
Benefits For Lead Application Security Engineer
- Competitive salary
- Company stock options
- Comprehensive medical coverage
- Group Medical Insurance
- Term Insurance
- Accidental Insurance
- Paid time off
- Maternity leave
- Unlimited access to online professional courses
- People manager development programs
- Flexible working environment
- Fully-stocked kitchen with snacks and beverages
