Our mission is to usher in a new era of trust and predictability to transportation and logistics, but there’s still a lot of work to be done. The industry is massive, as is the opportunity. We’re looking for bright, ambitious individuals to join our growing global team and help us enable a more productive and successful world. We’re changing the way the world ships, and we’re looking for you to help us get there!
As a Senior Application Security Engineer, you will report to our Senior Director of Information Security and be responsible partnering with multiple engineering teams to drive security practices and principles in a fast-paced Agile development cycle. This is a hands-on technical position best suited for a professional with developer expertise and a background collaborating with multiple groups (project, business, architecture, and operational teams) across an organization to enable business goals by melding security into solutions.
- Integrate security practices into the software development pipeline
- Conduct regular application security testing to ensure security practices are followed
- Reviewing code and proposed architecture designs for security concerns
- Providing security guidance toward secure technologies and solutions
- Identify areas where processes may be improved, (and when possible, implement improvements and fixing known application security issues)
- Develop and maintain a balanced application security program based on a well-defined application security framework.
- Support installations of security tooling (SAST, DAST, etc.) with Key Performance Indicators (KPIs) measuring performance.
- Provide secure application development training for ongoing awareness.
- Support and assist in developing ongoing roadmap for security-related projects.
- Respond to and investigate application security incidents.
Desired Skills and Experience
- 2+ years of software engineering experience and 2+ years of information security experience (can be combined)
- Self-sufficient -- able to drive a project towards a goal with minimal input and identify security issues independently. Able to handle multiple complex, long-term projects simultaneously.
- Strong understanding of web application security vulnerabilities, concepts and frameworks (such as the OWASP top 10, BSIMM) with the ability to articulate concepts to technical and non-technical staff verbally and in writing.
- Experience working with Identity and Access Management services, Single Sign On (SSO) frameworks and mechanisms such as OAuth and SAML
- Experience integrating and tuning security for microservices in a cloud infrastructure
- Experience with attacks and mitigation methods, with experience coordinating and executing Penetration Tests, Bug Bounty Programs, Threat Modeling, and Static/Dynamic Analysis
- Passionate and excited about security topics and engineering.
Since 2014, project44 has been transforming the way one of the largest, most important global industries does business. As transportation and logistics continues to evolve and customer expectations around delivery become more demanding, industry technology must rise to the occasion. In just a few short years, we’ve created a digital infrastructure that eliminates the inefficiencies caused by dated technology and manual processes. Our Advanced Visibility Platform is used by the world’s leading brands to track shipments, collaborate with supply chain partners, drive operational efficiencies, and create outstanding customer experiences.