Senior Application Security Engineer

ABOUT US 

We are Alter Domus. Meaning “The Other House” in Latin, Alter Domus is proud to be home to 85% of the top 30 asset managers in the alternatives industry, and more than 5,000 professionals across 23 countries. 

With a deep understanding of what it takes to succeed in alternatives, we believe in being different. Invest yourself in the alternative, and join an organization where you progress on merit, where you can speak openly with whoever you are speaking to, and where you will be supported along whichever path you choose to take. 

Find out more about life at Alter Domus at careers.alterdomus.com  

Reporting to the Global Head of Security, the Application Security Engineer plays a crucial role in leading our Application Security program, ensuring the highest level of security for our Engineering teams. The ideal candidate must have empathy for developers and intimately know the tools and workflows they use on a daily basis, while understanding the importance of communication, documentation, and taking accountability. The incumbent is an engineer who prioritizes addressing security challenges through technology and automation with a history of enabling developers with actionable security guidance. The candidate has experience with security code review, threat modeling or security architecture reviews, and can identify vulnerability paths explaining how they could be exploited while familiar with options for mitigation.

Responsibilities:

• Shift left” security efforts to build security into the software development lifecycle:
  • Conduct secure design reviews and threat modeling to identify and prioritize risks, attack surfaces, and vulnerabilities
  • Deploy and operationalize static (SAST), dynamic (DAST), dependency (SCA) and secrets scanning
  • Work with Platform DevOps team to build and maintain security automation tools to seamlessly embed inline security checks into CI/CD pipelines
  • Partner with Platform DevOps to help design secure-by-default architectures and workflows
  • Assist with application security code reviews of source code changes and advise developers on remediating vulnerabilities following secure coding practices
• Establish and track SLA governance to ensure security findings are identified, prioritized, and remediated.
• Maintain application asset inventory.
• Lead the Security Champions Program to build security-minded culture amongst developers and IT Operations teams.
• Act as a trusted advisor and partner for development and cross-functional project teams, providing actionable guidance to address security.
• Help with training on secure coding practices, empowering teams to proactively prevent vulnerabilities.
• Evaluate and implement security tools and automation solutions to enhance the security posture of applications and streamline security processes.
   

PROFILE:

• Bachelor's degree in Computer Science, Information Security, or related professional experience.
• Have 3+ years of hands-on experience in application security, including securing cloud-based and containerized environments.
• Experience performing secure code reviews and interpreting SAST/SCA/DAST results.
• Strong experience with modern development workflows, including CI/CD pipelines, using Azure Pipelines and GitHub Actions.
• Working knowledge of the OWASP Top 10 for web applications and APIs and how to apply the standard to minimize security risk.
• In-depth understanding of vulnerabilities and secure coding practices.
• Hands-on experience with security tools like Snyk, Veracode, Burpsuite or similar.
• Familiarity with cloud platforms (AWS, Azure) and containerization (Docker, Kubernetes).
• Proficiency in programming languages like Python, Java, or C# is preferred.
• Have empathy, collaboration skills, and a learning mindset to work cross-functionally with engineers of all levels to build security into the product life cycle.
• Possess broad security knowledge to connect the dots across domains and identify holistic ways to lower the overall threat surface.
• Have the ability to distill complex security concepts into clear actions and drive consensus with minimum supervision.
• Demonstrated success in partnering with developers to integrate security.

WHAT WE OFFER:

We are committed to supporting your development, advancing your career, and providing benefits that matter to you. 

Our industry-leading Alter Domus Academy offers six learning zones for every stage of your career, with resources tailored to your ambitions and resources from LinkedIn Learning. 

Our global benefits also include: 

• Support for professional accreditations such as ACCA and study leave 
• Flexible arrangements, generous holidays, birthday leave
• Continuous mentoring along your career progression 
• Active sports, events and social committees across our offices 
• Support with mental, physical, emotional and financial support 24/7 from our Employee Assistance Program 
• The opportunity to invest in our growth and success through our Employee Share Plan 
• Plus additional local benefits depending on your location 

Equity in every sense of the word 

We are in the business of equity, in every sense of the word. For us, this means taking action to ensure every colleague has equal opportunity, valuing every voice and experience across our organisation, maintaining an inclusive culture where you can bring your whole self to work, and making Alter Domus a workplace where everyone feels they belong. 

We celebrate our differences, and understand that our success relies on diverse perspectives and experiences, working towards shared goals and a common purpose. Thanks to the work of our Group DE&I Committee and network of DE&I Champions, we empower all of our people to be truly invested in the alternative.  

We are committed to ensuring an inclusive recruiting and onboarding process. Please contact our hiring team if you require any accommodations to make our recruitment process more accessible for you. 

(Alter Domus Privacy notice can be reviewed via Alter Domus webpage: https://alterdomus.com/privacy-notice/)

#LI-HYBRID