Bazaarvoice is looking for a Staff AppSec Engineer to be a key member of the Security team and ensure that the Bazaarvoice applications and services are built using security best-practices standards.
A Staff AppSec Engineer at Bazaarvoice is expected to understand the web application inner workings, be strong in multiple domains of security, and work closely with both technical and non-technical staff to guide, monitor, assess, and improve the security posture of Bazaarvoice applications.
What you'll be doing:
- Perform vulnerability assessments of applications using a variety of security tools such as Burp Suite, web-debugging proxies, dynamic application security testing (DAST) software, static application security testing (SAST) software, and other automated or manual testing techniques
- Conduct security architecture reviews of the cloud environments and the application stack including Bazaarvoice-owned web and mobile applications
- Triage findings from security software and provide remediation guidelines to software developers and other asset owners
- Collaborate with internal development teams to ensure the applications meet security and compliance requirements
- Investigate and respond to security incidents and identify root causes; recommend or implement appropriate solutions and preventative measures
- Develop or integrate tools to improve security testing and the detection of common web attacks and misuse events
- Build automation tools for security processes in the software development lifecycle (SDLC)
- Document security processes and procedures
- Work on complex projects independently and collaborate with a team
- Act as a Security Team representative with other internal groups, vendors, and customers
- Embrace a culture of continuous service improvement and service excellence
- Stay current on security industry trends and research, and become involved in the broader security community
Necessary skills and experience:
- 4+ years of experience in Software Development, QA Engineering or Application Security
- Proficient with AppSec tools (such as SonarQube)
- Strong understanding of common web vulnerabilities including OWASP Top 10
- Experience with writing code, scripting, and automation
- Knowledge of development integration tools and technologies (CI/CD)
- The ability to triage and handle or escalate security issues independently
- Strong sense of ownership, urgency, and drive
- Ability to build partnerships and get results
Nice to have:
- Security certifications such as CISSP, SANS GIAC, OSCP, CEH, or Security+
- Experience with pen testing tools (such as Burp Suite, ZAP, Metasploit)
- Strong understanding of common web application attacks and attacks against cryptographic algorithms
- Knowledge of cloud environments (AWS, GCP, and/or Azure)
- Sensitivity to the requirements of business owners (engineering, product, and sales) and clients, and the ability to balance business needs against security standards and protocols
- A hunger to become a well-rounded application security engineer and to learn new skills and technologies outside one's comfort zone
- Bachelor’s degree in Computer Science or Engineering; or equivalent training, education, and/or work experience