**Job Title**:
**Senior Application Security Engineer**
**Job Category**:
Professional
**Department/Group**:
Security Engineering
**Position Type**:
Full time
**Location**:
Remote, Costa Rica
**Reports to**:
Engineering Manager
**Senior Application Security Engineer**
**What you'll be doing**
**Responsibilities**:
- Collaborate with software engineers and leadership to address security risks and provide mitigation recommendations within the Secure Development Lifecycle (SDLC).
- Operate as an advocate for Security in interactions with internal and external teams.
- Work with Risk & Compliance teams on SOC 2, PCI-DSS, HIPAA, and other audits as needed Researches and recommend policy and procedures as they relate to Application Security.
- Lead projects to implement security technologies for the entire enterprise.
- Integrate 3rd party and build custom solutions into our CI/CD pipelines and development cycles.
- Define security guardrails through automated tool policies, SLAs, custom rules, and support the developer community.
- Help the enterprise manage vulnerabilities across automated tooling and manual security assessments.
- Work with Champions to build relationships and ensure key activities are supported and deliverables are achieved in a timely manner.
- Support education and awareness strategy, rollout for Development community.
- Support the AppSec technical team and ensure relationships with Business and team maximised and effective.
**Qualifications**
**What your background looks like**
**Requirements**:
- Experience with SAST, Software Composition Analysis (SCA), DAST, IAST, RASP tooling.
- Experience in AppSec or DevSecOps groups.
- Experience with CI/CD pipelines.
- Experience with business and technical requirements analysis, business process modeling/mapping, methodology development, and data mapping.
- Strong understanding and background in MITRE, OWASP, SafeCode, risk management methodologies as they relate to integration/software testing.
- Good project management skills and/or substantial exposure to project-based work structures, project lifecycle models, etc.
- Strong understanding of end-user needs and requirements.
- Excellent understanding of the organization's goals and objectives.
- Excellent oral and interpersonal communication skills.
- Outstanding writing and documentation skills.
- Ability to communicate ideas in both technical and user-friendly language.
- Highly self-motivated and directed, with keen attention to detail.
- Ability to prioritize and execute tasks in a high-pressure environment.
- Experience working in a team-oriented, collaborative environment.
- Knowledge of applicable data privacy practices and laws.
- Willing to travel globally.
Preferences
- CSSLP
- Certification in Application Testing Mechanisms