Application Security Engineer Lead
Lisbon, PT
Mend.io
Mend.io gives you all the tools you need to build a mature, proactive AppSec program that effectively manages application risk.
Description
We are looking for a highly motivated, talented, and hands-on Application Security Engineer who will participate in building our next-generation static code analysis engines for detection and remediation capabilities. This role offers challenges across a wide variety of responsibilities. You will have an opportunity to establish the application security discipline in the SAST group and define working procedures, processes, and tools.
The successful candidate will work closely with algorithm developers, improving the engines, developing security rules, performing security reviews of source code, and suggesting optimizations. We are searching for a team player with a can-do approach.
**Please note this is a remote position**
Responsibilities:
- Performing security source code analysis.
- Analyzing application vulnerabilities and providing mitigation strategies.
- Researching, designing, and writing application security rules for detection, while working closely with a development team for SAST.
- Analyzing different programming frameworks in different programming languages for potential sources and sinks for SAST.
- Handling complex cases escalated from the field and other teams.
- Improving Mend SAST engines for various programming languages.
Requirements:
- Experience with security review of source code - Must!
- At least 5 years of experience in application security or security research, including the understanding of application security attacks, vulnerabilities, and mitigations - Must!
- Knowledge of common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.) - Must!
- Experience with at least 2-3 of the following programming languages: Java, C#, Go, JS, Python, PHP, Ruby, etc. - Must!
- Language agnostic approach to vulnerability identification in the source code (ability to read multiple programming languages source code and identify vulnerable parts).
- Proven experience leading tasks and projects end-to-end, and a passion to grow into a TL position.
- Excellent English – written and verbal.
- Excellent interpersonal and communication skills.
Advantages:
- BSc or BA in Computer Science or a similar degree
- Experience in managing application security engineers
- Experience working with development teams.
- Experience with bug bounty research or published advisories or exploits for discovered 0day vulnerabilities in applications.
The Company: Mend.io offers an enterprise suite of application security tools designed to help organizations build and manage a mature, proactive AppSec program. Mend.io supports both developers and security teams by giving each team different, but complementary, tools to work with—enabling them to stop chasing vulnerabilities and start proactively managing application risk.
Our culture is open, inclusive, and engaging, and we work hard to foster a company where everyone feels valued. Mend is a company that lives by its values:
- We are passionate about excellence
- We see the world from the customer's perspective
- We are better together
Mend.io's EEO Statement
Mend.io is an equal opportunity employer committed to encouraging and celebrating its diverse and inclusive workforce. We welcome all without regard to age, race, color, religion, gender identity and expression, sex (including pregnancy, childbirth, and related medical conditions), sexual orientation, citizenship, national origin, disability, military status, veteran status, political affiliation, or any other protected characteristics. All aspects of employment including hiring, training, advancement, and discipline will be solely based on merit and qualifications related to professional competence. Mend.io operates on a principle of mutual respect and acceptance, and every employee must follow Mend.io’s anti-harassment and anti-discrimination company policies.
Mend.io’s Diversity Commitment
At Mend.io, we believe bringing together diversity of experience and background creates a better place to work, a better product, and more opportunities to innovate. Mend.io is committed to doing its part to mend the equity gap, fostering a safe, inclusive environment to inspire and support employees to be their authentic selves and provide development opportunities for all.
Tags: Application security C Code analysis Computer Science Exploits Java OWASP PHP Python Ruby SANS SAST Vulnerabilities Zero-day
Perks/benefits: Career development