Application Security Engineer
As an Application Security Engineer, you'll be responsible partnering with multiple web and mobile engineering teams to drive security practices and principles in a fast-paced Agile development cycle. This is a hands-on technical position best suited for a professional with developer expertise and a background collaborating with multiple groups (project, business, architecture, and operational teams) across an organization to enable business goals by melding security into solutions.
- Develop and maintain a balanced application security program based on a well-defined application security framework
- Conduct application security assessments / penetration tests and implement tools for dynamic/automated code reviews
- Ensure application design and implementation best-practice with role-based and appropriate access standards, as well as integration with Identity and Access Management environments.
- Ensure compliance with society, regulatory, and industry standards for application security.
- Continuously evaluate the organization's existing application security practices, define and measure security-related activities, and demonstrating concrete improvements to the application assurance program within the organization.
- Provide secure application development training to developers and provide guidance on the development of web-based training for ongoing awareness.
- Develop and maintain unit and integration tests designed to ensure security controls are tested on code builds
- Consult with our engineering and data science teams to integrate automated security tools into our continuous integration and delivery pipeline.
- Support and assist in developing ongoing roadmap for security related projects
Desired Skills and Experience:
- 3+ years of combined experience in information security, technology, and risk management with at least 2 year' experience with container technologies (Kubernetes/Docker/Amazon ECS preferred)
- Comfort working with SQL and noSQL databases and cloud hosting infrastructure
- Understanding and passion for Agile/XP/Scrum/Kanban
- Strong understanding of web and mobile application security vulnerabilities and concepts.
- Ability to work both independently and collaboratively with peers, across teams, and with management.
- Ability to deliver technical reports and communicate technical concepts to both non-technical business users as well as client technical stakeholders.
- Understanding of application security concepts (such as the OWASP top 10) with the ability to articulate concepts to technical and non-technical staff
- Ability to work with engineering teams to weigh business risks and enforce appropriate security measures in support of a Continuous Integration / Continuous Deployment environment
- Strong understanding of application security concepts for internet technology, architecture and protocols OWASP and CWE concepts
- Ability to handle multiple complex, long term projects simultaneously
- Familiarity with control frameworks such as ISO, SOX, NIST, CobiT, and PCI
- Passion for technology and information security
- A. or B.S. in Computer Science, Information Management, or relevant field; OSCP, OSCE, or OSWE Certifications are a major plus
- CISSP is a plus
What We Offer:
Vivid Seats is the largest independent online ticket marketplace, sending tens of millions of fans to live events. Experiences Matter- which is why we continue to grow year over year. Working at Vivid Seats puts you front and center at the opportunity to scale our best in class platform that allow our fans to sit closer and experience more.
At Vivid Seats, you will have the opportunity to work with the flexibility and speed of a startup; while operating at massive, profitable scale. We keep our teams lean, allowing each and every employee direct accountability to creating a positive ticket buying experience. We are relentless and move quickly to release new features and content to our applications daily. Good ideas are heard and implemented, and hard work rewarded. Being a part of our team means having the ability to drive impact and own the innovation that connects our tens of millions of unique monthly users to the memorable experiences that only live events create.
We are passionate about creating memorable experiences for our fans… and the best in class experience for our employees. Vivid Seats offers competitive compensation levels, individual and team-based bonus opportunities, generous benefits package and Flex PTO policy plus a variety of workplace perks. The most exciting one: We offer our employees $100 worth of credits each month to spend on Vivid Seats tickets along with promotional discounts. At the heart of it, we are all fans of great live events. We want to help you get there more often.
111 N Canal Suite #800
Chicago, IL 60606