Job Details


Belfast, Northern Ireland

Closing Date

2022-02-28 00:00:00


Staff AppSec Engineer

  • Bazaarvoice is looking for a Staff AppSec Engineer to be a key member of the Security team and ensure that the Bazaarvoice applications and services are built to security best-practice standards.
    A Staff AppSec Engineer at Bazaarvoice is expected to understand the inner workings of web applications, be strong in multiple domains of security, and work closely with both technical and non-technical staff to guide, monitor, assess, and improve the security posture of Bazaarvoice applications.

    What you'll be doing:

      • Perform vulnerability assessments of applications using a variety of security tools such as Burp Suite, web-debugging proxies, dynamic application security testing (DAST) software, static application security testing (SAST) software, and other automated or manual testing techniques
      • Conduct security architecture reviews of the cloud environments and the application stack including Bazaarvoice-owned web and mobile applications
      • Triage findings from security software and provide remediation guidelines to software developers and other asset owners
      • Collaborate with internal development teams to ensure the applications meet security and compliance requirements
      • Investigate and respond to security incidents and identify root causes. Recommend or implement appropriate solutions and preventative measures
      • Develop or integrate tools to improve security testing and detection of common web attack and misuse events
      • Build automation tools for security processes in the software development lifecycle (SDLC)
      • Document security processes and procedures
      • Work on complex projects independently and collaborate with a team
      • Act as a Security Team representative with other internal groups, vendors, and customers
      • Embrace a culture of continuous service improvement and service excellence
      • Stay current on security industry trends, research and become involved in the broader Security community

    Necessary skills and experience:

      • 4+ years of experience in Software Development, QA Engineering or Application Security
      • Proficient with AppSec tools (such as SonarQube).
      • Strong understanding of common web vulnerabilities including OWASP Top 10
      • Experience with writing code, scripting, and automation
      • Knowledge of development integration tools and technologies (CI/CD).
      • The ability to triage and handle or escalate security issues independently
      • Strong sense of ownership, urgency, and drive.
      • Ability to build partnerships and get results.

    Nice to have:

      • Security Certifications like CISSP/SANS GIAC/OSCP/CEH/Security+
      • Experience with pen testing tools (such as Burp Suite, ZAP, Metasploit)
      • Strong understanding of common web application attacks and attacks against cryptographic algorithms.
      • Knowledge of cloud environments (AWS, GCP and/or Azure).
      • Ability to be sensitive to the requirements of business owners (engineering, product, and sales) and clients and balance business needs against security standards and protocols.
      • A hunger to learn how to be a well-rounded application security engineer and learn new skills and technologies out of their comfort zone.
      • Bachelor’s degree in Computer Science or Engineering; or equivalent training, education, and/or work experience