Senior DevSecOps | Application Security Specialist

France - Paris

Shift Technology

Shift Technology uses artificial intelligence (AI) to enable insurers to automate and optimize decisions for greater speed & accuracy to benefit policyholders.


The future of insurance starts with AI. To date, Shift Technology's AI-powered products have benefitted more than 300 million policyholders globally by reducing underwriting risk, identifying more fraud, and automating critical tasks throughout the claims process.

Shift harnesses the power of AI to enable the world’s leading insurance organizations to make better decisions. Our products help insurers improve operational efficiency, reduce costs, and deliver superior customer experiences to their policyholders.

Our culture is built on innovation, trust, and a drive to transform the insurance industry by imagining and innovating solutions that impact insurers and their customers - like you! We come from more than 50 different countries and cultures and together we are creating the future of insurance.

The security team is a critical component of Shift Technology, as no organization is immune to cyber-crime. The team is responsible for protecting information throughout the security infrastructure, edge devices, networks, and data. We strive to stay up to date with the latest tactics hackers are employing in the field in order to prevent data breaches by monitoring and reacting to attacks, but the first step is finding the most qualified professionals to lead the way.

 

What you'll do...

As a Sr. Application Security Engineer within Shift, you will own, maintain, and promote the security tools of the SDLC and CI/CD pipeline; continuously test (manually and automatically) and monitor software security from design to production; and supervise part of the SOC. You’ll join a team and a company where you can own and drive, and progress your career to the next level. As part of the information security department, this role reports to the CISO.

 

RESPONSIBILITIES

  • Working with data scientists and software delivery teams to ensure technical security standards and architectures are well understood and best practices are followed so the software is developed with Security and Privacy by Design and by Default in mind.
  • Raise the awareness of our developers about security best practices
  • Automation of security testing (SAST, DAST, SCA, vulnerability management, threat modelling, etc.) and acquaintance with relevant tooling, e.g. GitHub Advanced Security, Veracode, Snyk, ThreatAgile, ZAP, Burp, Bug Bounty, etc.
  • Interest in Data Science, Engineering and ML Security on Azure and AWS.
  • Ownership of the Application Security Chapters by defining technical policies, standards and guidelines for security relating to software development and championing these through the organisation.
  • Working with engineering leads on identified security risks and software vulnerabilities.
  • Operate a software vulnerability management program.
  • Understanding/knowledge of the main development languages and frameworks (C#, Java, React, Python, etc.)
  • Occasional security auditing of software developed by the company and its partners.
  • Oversee security managed services and outsourced security capabilities
  • Create, maintain, and execute appropriate incident response processes to enable timely escalation, containment, and recovery of cyber security events
  • Work with other teams to identify recurring patterns and propose strategic actions to reduce risk
  • Provide clear, concise, and easily consumable communication with key technical and non-technical stakeholders so that incidents are understood and appropriately addressed
  • Ensure accurate and clear communication with all stakeholders
  • Provide appropriate KPIs and KRIs to key stakeholders
  • Technical liaison with third parties on application-security-related discussions.
  • Promote a mindset of developing secure systems, transferring knowledge of security standards / processes and acting as a subject matter expert (SME)

 

SKILLS & BACKGROUND

  • 5+ years' experience with a degree in Computer Science, IT, Systems Engineering or a related qualification.
  • Familiarity with applicable standards, methods, models, and approaches (OWASP, CWEs, MITRE, threat modeling, etc.).
  • Knowledge of a scripting language (Python, Ruby, Rust, etc.).
  • Strong knowledge of API and Web Apps security.
  • Collaboration - Engagement with the tech teams and other stakeholders, especially in a remote setting.
  • Good understanding of software security principles and best practices.
  • Excellent communication skills; comfortable representing the cyber security team at all levels of the organisation, and with partners and vendors.
  • Good awareness of cybersecurity trends.
  • Strong attention to detail, a can-do attitude, an analytical mind, and outstanding problem-solving skills

 

Recruitment Process

  • TA Interview
  • Security team interview
  • Technical interview
  • CISO interview
  • CTO interview


To support our permanent, full-time employees at every stage of their careers and lives, we provide a competitive total rewards and benefits package. Here are the global benefits we’d like to highlight:

  • Flexible remote and hybrid working options
  • Competitive Salary and a variable component tied to personal and company performance
  • Company equity
  • Focus Fridays, a half-day each month to focus on learning and personal growth
  • Generous PTO and paid holidays
  • Mental health benefits 
  • 2 MAD Days per year (Make A Difference Days for paid volunteering)

Additional benefits may be offered by country - ask your recruiter for more information. Intern and Apprentice positions are eligible for some of these benefits - ask your recruiter for more details.

At Shift we strive to be a diverse and inclusive workforce. We welcome applications from and hire people who will contribute to the diversity of our company, without regard to race, color, religion, marital status, age, national or ethnic origin, physical or mental disability, medical condition, pregnancy, genetic information, gender identity or expression, sexual orientation, or other non-merit criteria.

Shift Technology is committed to providing reasonable accommodations for qualified individuals with disabilities in our application and employment process. Should you require accommodation, please email accommodation@shift-technology.com and we will work with you to meet your accessibility needs.

Please be aware of scammers and only trust correspondence that comes from emails ending in shift-technology.com.

Shift Technology does not accept unsolicited CVs from recruiters or employment agencies in response to the Shift Technology Careers page or a Shift Technology social media post. Any unsolicited CVs, including those submitted directly to hiring managers, are deemed to be the property of Shift Technology.
