Alma is on a mission to simplify access to high-quality, affordable mental health care. They are seeking a mission-driven Senior Application Security Engineer to help validate and enhance the security of their services and applications, ensuring they meet the company's security standards.
Responsibilities:
- Create, manage, and maintain the application security strategy and roadmap, tracking OKRs and work efforts over six quarters
- Lead the application security domain, including managing and maintaining existing tools, executing domain strategies, and owning all aspects of application security
- Develop, execute, and track the performance of security measures to protect Alma’s data, applications, and systems
- Gain a deep understanding of Alma’s systems and architecture and the software development processes used to develop it
- Provide subject matter expertise in secure coding, application authentication, encryption, and AI, and quickly research and become competent in other areas as needed
- Collaborate with teammates, PMs, and peers to design, develop and implement engineering’s technical security strategy and architecture
- Collaborate with the Platform Infrastructure team to configure, troubleshoot, and maintain a security infrastructure that monitors and protects against security breaches and intrusions
- Collaborate with the Developer Experience team to integrate security tools, workflows, and practices into development environments
- Continually research current and emerging security threats and technologies, proposing changes and guidance that are most impactful
- Develop appropriate technical solutions along with the latest security tools that help mitigate security vulnerabilities and also help automate repeatable activities
- Build and provide high-quality application security documentation and training to engineers to set them up for success
- Educate and train Alma engineering on information system security best practices using our security training solution as well as in-person and recorded training
- Mature and execute the Threat Modeling program with engineers
- Implement, manage, and maintain application security tools such as SAST and DAST scanners and own the workflow for remediation of findings
- Assist with creating the reports for management regarding vulnerabilities, training, and other relevant metrics
Requirements:
- 4+ years of experience working in an application security role
- Strong understanding of security best practices for the software development lifecycle (SDLC)
- Expert knowledge of web application protocols
- Deep technical knowledge of Content Security Policies (CSP) and how to implement them
- Strong experience working with AI and an understanding of the areas to focus on to secure it
- Expert understanding of application security testing tools such as OWASP ZAP and Burp Suite
- Expert understanding of the OWASP Top 10 and other application attacks
- Experience installing and running a local developer environment for local testing of code
- Deep technical knowledge of application development, operating system environments, and AWS cloud infrastructure as they pertain to application security
- Implemented and managed SAST and DAST tools such as StackHawk and Snyk, with more than a year of experience in each type of tool
- Familiarity with common security libraries and tools