Senior Application Security Engineer

Remote:

In-office Expectations: This position is fully remote with no in-office requirements (might require coming into an office 1 or 2x a year).

About Your Role:

Dotdash Meredith is looking for a Senior Application Security Engineer with a demonstrated track record of innovative thinking, technical expertise, and mentorship. This role will be tasked with supporting product managers, software development teams, vulnerability management and remediation, and improving security coverage throughout the SDLC.

As a highly visible professional within the Security team, you will be responsible for helping to set technical direction, managing technical projects, and collaborating with other groups within the organization.

About Your Contributions:

Product Management

  • Be a key advisor and advocate to the overall strategy and roadmap of the Product Security Program.

  • Provide technical leadership and guidance to the development teams to assist in the creation and design of software development features

  • Track and provide reporting to leadership on current program/project status.

Solutions

  • Research, design and implement application security solutions to address application security threats, and meet compliance obligations

  • Manage and support the integration of application security tools into the SDLC process.

  • Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure.

  • Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.

Vulnerability Assessment

  • Manage and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools

  • Assess the application threat landscape through threat modeling and architecture reviews

  • Conduct security source code reviews

  • Prioritize, triage and assist developers on the remediation of application security vulnerabilities

  • Develop metrics and reporting on the posture of the application security program

About You:

Technical Skills

  • 4+ years experience in Application Security

  • Full stack development experience, preferably in Java, JavaScript and/or Python

Application Development and Security

  • Knowledge of the current Application and Product Security threat landscape and industry best practices and how to implement them at a business-wide level

  • Knowledge of SANS/CWE Top 25 and OWASP Top 10 Application Security principles.

  • Deep understanding of developing security policies, standards and procedures and experience with implementing them across the organization.

  • Experience with data encryption, cryptography and encryption key management.

  • Experience with web and mobile application security tooling and processes, including threat modeling, security design/code review, static code analysis, penetration testing, risk management, etc.

  • Understanding of vulnerability disclosure processes and experience working with vendors to integrate security solutions into the SDLC process.

  • Ability to innovate and find creative solutions that balance the needs of the business with the needs of security.

Infrastructure

  • Solid understanding of OSI model, TCP/IP, HTTP and TLS

  • Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model

  • Strong knowledge of cloud computing infrastructure and security best practices, including familiarity with cloud native applications and architecture.

  • Experience with configuration management and DevOps practices to ensure that security is integrated into the SDLC process

Interpersonal Skills

  • Passion for application security and continuous learning.

  • Able to concisely communicate security risks to both technical and business audiences

  • Attention to detail

  • Ability to work independently, and as part of a team

  • Ability to multitask and prioritize work effectively

Technology we use

  • Engineering
    • Languages: Java, JavaScript, Python, TypeScript
    • Frameworks: Docker, GraphQL, Kafka, Kubernetes, Next.js, Node.js, Scikit, Spark, TensorFlow, Terraform, Vue.js
    • Databases: BigQuery, Elasticsearch
    • Services: AWS (Amazon Web Services), Google Cloud

Location

225 Liberty St, New York, NY 10281

An Insider's view of Dotdash Meredith

What projects are you most excited about?

Atomic design is in our DNA at Dotdash. We're striving to have the dev and design teams work closer together and use a single source of truth for how components are pieced together using predefined molecules and atoms. This is exciting and innovative work that is helping us scale at an incredible rate and deliver on our promise of fastest sites!

Brian

Manager, Front-End Development

How do you empower your team to be more creative?

We do quite a few things to encourage creativity like hackathons, design sprints, and "Unconferences". That said, I think the most meaningful thing we do is to encourage teams to be autonomous. Having control and ownership over their respective applications gives our team members the freedom to explore ideas to solve their own problems.

Nabil

CTO

What are Dotdash Meredith Perks + Benefits

Culture
Open door policy
Team based strategic planning
Pair programming
Open office floor plan
Employee resource groups
Employee-led culture committees
Hybrid work model
In-person all-hands meetings
Summer hours
Flexible work schedule
Remote work program
Certain roles in some of our orgs can be designated as fully remote. Please see the job description for more information.
Diversity
Dedicated diversity and inclusion staff
Highly diverse management team
Diversity manifesto
Diversity employee resource groups
Hiring practices that promote diversity
Diversity recruitment program
Health Insurance + Wellness
Flexible Spending Account (FSA)
Disability insurance
Dental insurance
Vision insurance
Health insurance
Life insurance
Pet insurance
Wellness programs
Team workouts
Mental health benefits
Financial & Retirement
401(K) matching
Dotdash Meredith matches 100% of an employee's contributions up to 5% of their annual base salary.
Performance bonus
Charitable contribution matching
Child Care & Parental Leave
Childcare benefits
Generous parental leave
Family medical leave
Return-to-work program post parental leave
Company sponsored family events
Fertility benefits
Vacation + Time Off
Unlimited vacation policy
Generous PTO
Paid volunteer time
Paid holidays
Paid sick days
Flexible time off
Bereavement leave benefits
Company-wide vacation
Office Perks
Commuter benefits
Company-sponsored outings
Free snacks and drinks
Company-sponsored happy hours
Recreational clubs
Mother's room
Professional Development
Job training & conferences
Tuition reimbursement
Lunch and learns
Promote from within
Mentorship program
Continuing education available during work hours
