Application Security Engineer

Introduction 

Are you searching for an opportunity to play a key role in driving the dramatic growth of a highly successful software company? 

At Poppulo, we’re working on what’s next in communications and workplace technology. As a pioneer in this industry, we understand that meaningfully reaching every employee is hard. And so is managing office space in a hybrid world. And so is improving the customer and guest experience. We exist to make each of these things easier. We exist to bring harmony to our customers. 

And we do that at enterprise scale. Our omnichannel employee communications, customer communications, and workplace experience platform is trusted by over 6,000 organizations today, reaching more than 35M employees and delivering content to 500,000+ digital signs.

We know there’s no such thing as a “perfect" candidate - we’re all a work in progress and are growing new skills and capabilities all the time. We encourage you to apply for a position with Poppulo even if you don’t meet 100% of the requirements. We believe in fostering an environment where there is a diversity of perspectives, in hopes that we can all thrive. 

The Opportunity 

Poppulo is seeking an Application Security Engineer to join our security team.  

The role of the Application Security Engineer is to identify and anticipate vulnerabilities to protect Poppulo assets. They will utilize established and create new processes and capabilities to focus on vulnerability management, secure code development, software development lifecycles, and security assessments.   

The Application Security Engineer will support the development and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties. 

The Application Security Engineer will report to the Sr. Director of Information Security Operations; this position is not a management position

Key Responsibilities

• Perform and support application security reviews, consulting, testing in coordination with developer operations, and threat modeling (using DREAD and STRIDE), including code review and dynamic testing.  
• Own and perform application security vulnerability management.  
• Support the bug bounty program.  
• Facilitate and support the preparation of security releases.  
• Support and consult with product and development teams regarding application security.  
• Assist in creation of secure code training to end-users and developers.  
• Assist in development of automated security testing to validate that secure coding best practices are being used.  
• Participate in the planning, implementing, and managing of application security measures/technologies to protect the organization's information systems and networks. 
• Assist with the review, development, and implementation of application security policies, procedures, and service documentation. 
• Monitoring application security systems to identify alerts and response efforts for potential application security events/findings. 

• Develop and mentor junior staff through open communication, training and development opportunities, and celebrate their success. 
• Facilitate our secure SDLC (Software Development Life Cycle) which includes AVS (Application Vulnerability Scanning) scanning, SD3+C, and PD3+C methodologies, etc.   
• Manual Penetration Testing of our Products and Vendor Products.  
• Develop detailed vulnerability reports for application owners and management teams.  
• Conduct detailed penetration test report read-outs with application owners and management teams and provide remediation recommendations.  
• Participate in On-Call rotations.  
• Other responsibilities, as required. 

Education & Experience: 

• Bachelor's degree in Computer Science, Information Systems, Cyber Security related field, or equivalent experience. 
• One or more security-based certifications preferred, such as CISSP, Security +, GWEB, GWAPT, etc.  
• 3+ years’ experience in some form of information security discipline; Information Security Engineering, Application Security Engineering, etc. 
• 3+ years of experience performing network and application security testing.  
• 5+ years of experience in software engineering working in .NET, JavaScript, React, HTML, AWS (Amazon Web Services) Micro Services, Python, and AWS-based lambda.   
• 2+ years working on security principles in software engineering with strong knowledge in Open Web Application Security Project (OWASP) security principles.  
• Experience with the NIST or ISO 27001/2 security frameworks. 
• Experience with the participation of SOC-based independent audits a plus. 
• Ability to use GitLab/GitHub/CICD Pipelines.  
• Familiarity with common security libraries, security controls, and common security flaws.  

Who We Are

We are a values-driven organization that encourages our employees to bring their authentic selves to work every day and empowers everyone to make a tangible impact on our products, clients, and culture. We offer a dynamic environment with driven, fun, and flexible individuals who thrive on challenge and responsibility. This is an opportunity to contribute to our culture and join a company that’s on the move.
We live the Poppulo values each day, as they are key to everything we do.

• Bring Your Best Self

We show up authentically, are self-aware and always strive to be better.

• See it. Own it. Solve it.

We proactively innovate and solve for our customers and each other. We set an example with high standards for our work. We foster a culture of learning, acknowledging our successes and our failures.

• Together We’re Better

We value and celebrate our diversity. We learn from others, respecting their expertise, and focus on building trust. That's what makes us a team.

Named a Great Place to Work in 2015, 2016, 2017, 2018, 2019, 2020, and 2021, we are a fast-growing global technology company, with offices in Ireland, the US, and the UK.
Poppulo is an equal opportunity employer.
We are committed to protecting your privacy. For details on how we collect, use, and protect your personal information, please refer to our Job Applicant Privacy Policy.