Senior Application Security Engineer

Company Description

PG Forsta is the leading experience measurement, data analytics, and insights provider for complex industries—a status we earned over decades of deep partnership with clients to help them understand and meet the needs of their key stakeholders. Our earliest roots are in U.S. healthcare –perhaps the most complex of all industries. Today we serve clients around the globe in every industry to help them improve the Human Experiences at the heart of their business. We serve our clients through an unparalleled offering that combines technology, data, and expertise to enable them to pinpoint and prioritize opportunities, accelerate improvement efforts and build lifetime loyalty among their customers and employees.

Like all great companies, our success is a function of our people and our culture. Our employees have world-class talent, a collaborative work ethic, and a passion for the work that have earned us trusted advisor status among the world’s most recognized brands. As a member of the team, you will help us create value for our clients, you will make us better through your contribution to the work and your voice in the process. Ours is a path of learning and continuous improvement; team efforts chart the course for corporate success.

Our Mission:

We empower organizations to deliver the best experiences. With industry expertise and technology, we turn data into insights that drive innovation and action. 

Our Values:

To put Human Experience at the heart of organizations so every person can be seen and understood. 

• Energize the customer relationship: Our clients are our partners. We make their goals our own, working side by side to turn challenges into solutions. 
• Success starts with me: Personal ownership fuels collective success. We each play our part and empower our teammates to do the same. 
• Commit to learning: Every win is a springboard. Every hurdle is a lesson. We use each experience as an opportunity to grow. 
• Dare to innovate: We challenge the status quo with creativity and innovation as our true north. 
• Better together: We check our egos at the door. We work together, so we win together. 

Being a great tech company, Forsta has an amazing Engineering team behind it. Our Engineering team turns ideas into products and makes our vision a reality! We are the true innovation masterminds of Forsta, the ones building our software so our company can continue delivering solutions that allow global businesses and market research agencies to be successful.

We are growing and are looking for several new colleagues to join our teams in Oslo. We are especially looking for more people in the area of application security. You will be working with the application security lead and other security focused employees both in Norway and abroad that all cover various parts of the information security field.

You can expect your responsibilities to cover some of the following areas:

• Prevention and early detection (shift left) of vulnerabilities through developer training and awareness
• Prevention and early detection of vulnerabilities through SAST, DAST, SCA
• Solve problems together with devs, devops and cloud ops
• Handle external penetration tests
• Test for vulnerabilities (red teaming)
• Assist with advice and/or writing code for security specific functions
• Threat modeling sessions with product teams
• Develop systems for testing and reporting
• Stay up to date on attacks and vulnerabilities
• Share knowledge and promote secure coding and deployment in the organization
   

Your Role Will Require and Challenge You To:

• Be passionate about security in all stages of a product lifecycle
• Show analytical and communication skills
• Acquiring new knowledge and turn it into actionable changes
• Show persistence in finding vulnerabilities, qualifying/prioritizing vulnerabilities, and seeing them fixed
• Take pride in what you deliver
• Ability to work independently and as part of various teams
• Be a strong team player and prefer to work with others in all phases of the development process
• Enjoy collaborating across departments and borders in an international environment
• Take responsibility, learn continuously, and lead initiatives and projects

Qualifications

• A degree in Computer Science, Information Security, Cryptography or similar, or professional experience in information security software development or system administration.
• Fluent in English (our working language) and Norwegian (or willing to learn).

Experience with at least some of the following:

• Web app development
• Mobile app development
• Kubernetes/containers
• Security testing
• Attack techniques
• Secure coding
• OWASP top 10, HIPAA
• Web proxies, Burp Suite, ZAP, sqlmap, other reconnaissance and vulnerability detection tools
• SAST, DAST, SCA
• OpenID connect, OAuth 2.0, SAML2
• Security headers, same origin policy, authentication tokens, certificates
• Azure
• Web servers

Additional information

Please note that the job is located in Oslo, Norway.
We require applicants to already reside in Norway with a relevant work or residency permit.

Don’t meet every single requirement? Studies have shown that women and people of color are less likely to apply to jobs unless they meet every single qualification. At PG Forsta we are dedicated to building a diverse, inclusive and authentic workplace, so if you’re excited about this role but your past experience doesn’t align perfectly with every qualification in the job description, we encourage you to apply anyways. You may be just the right candidate for this or other roles.

Additional Information for US based jobs:

Press Ganey Associates LLC is an Equal Employment Opportunity/Affirmative Action employer and well committed to a diverse workforce. We do not discriminate against any employee or applicant for employment because of race, color, sex, age, national origin, religion, sexual orientation, gender identity, veteran status, and basis of disability or any other federal, state, or local protected class. 

Pay Transparency Non-Discrimination Notice – Press Ganey will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 

All your information will be kept confidential according to EEO guidelines.

Our privacy policy can be found here: https://www.pressganey.com/legal-privacy/