What We Do

Uptake is a Chicago-based predictive analytics SaaS platform provider that empowers major industry leaders to optimize performance, reduce asset failures and enhance safety. At Uptake, we combine our strengths—machine learning, analytics, data visualization and software development—with the expertise of our industrial partners. The result is enormous savings in development time and resources for Uptake’s partners and a proven industrial grade software platform that delivers value to partners and their end customers.

What You'll Do

As an Application Security Engineer, you’ll work on the Information Security team to lead the development of security controls and security defect remediation on our engineering teams. You’ll also help to foster a culture of security within the developer community.

Responsibilities

• Advise engineering teams on the best ways to prevent security issues
• Acquire an overall understanding of codebase and establish roadmaps to remediate gaps
• Serve as a trusted adviser for development groups
• Maintain skills with new and evolving security frameworks
• Evaluate reusable code and libraries for their ability to securely perform features like authentication and session management
• Respond to key risk indicator questions during the SDLC process
• Drive the adoption of techniques and processes for developing secure applications
• Build secure-by-design frameworks and middleware libraries to promote reuse of secure code
• Identify and close organizational knowledge gaps based on vulnerability trend information
• Provide security consulting and mentoring to internal development teams
• Provide application contextual knowledge to the security point of contact to accurately categorize severity of issues identified by the Information Security team
• Provide input on risk acceptance decisions to the Information Security team
• Build internal knowledge for software security including reference material

Qualifications

• Required:
• University or college degree
• At least 2 years of development experience with an emphasis on secure coding best practices and manual code review
• At least 2 years of experience with the following languages: Java, Java Web Services, HTML5 /JavaScript and Python
• Proven track record in implementation of security controls in the development process
• Familiarity with various OWASP frameworks, standards and cheat sheets
• Knowledge of cloud and virtualization technologies and platforms
• Preferred:
• Experience in software development continuous integration and continuous deployment environment
• Strong interpersonal skills and expert team player with demonstrated ability to build collaborative relationships
• Ability to effectively execute and drive cross functional teams in a fast paced startup environment
• CSSLP certification
• Active member of the information security community
• Be bad-ass in what you do.

Why Work Here

We build and deliver, then explore to build more. Curiosity and flexibility enable everything we do, and we get stronger as we make each new industry smarter. As a team, we bring our diverse backgrounds, beliefs and experiences to solve problems no one has yet to solve, at a speed no one has yet to experience. We support and challenge one another to bring out a new best in each of us, and we might have a little fun along the way.