Senior Application Security Engineer at Apollo.io

Your Role & Mission

The Senior Application Security Engineer will work with product and engineering to create a secure SDLC, design security features and implement tools, education and processes to reduce risk of security issues in the tech stack.

Responsibilities

• Select or build tooling to help developers build secure code
• Provide overall security architectural advice to Engineering and IT
• Manage issues sourced from penetration tests and bug bounty programs 
•  Participate in the security champions program
• Help Product, Engineering and IT incorporate security requirements into new products from inception
• Assist in the creation and maintenance of Security Risk Models for new projects and existing systems

Skills & Competencies

• 5+ Years of Web Application Security experience
• Strong experience with vulnerability management, or penetration testing is required.
• Extensive experience in conducting Architectural Reviews and Threat Models frequently is required. 
• Strong knowledge of common AppSec issues and tooling (e.g. SCA, SAST, DAST)
• Strong Linux knowledge is a plus. 
• Experience with cloud services, ideally GCP is plus. 
• Strong software development skills ideally in Ruby, Node Secondary
• Strong Communication and Influencing skills
• Should have worked in SaaS environment. 
• Should have extensive knowledge of Open Redirect, OAuth, and CSRF. 
• Certifications: OSCP/OSWE/CEH: At least 1 Certification is a plus. 

#LI-JM1