Sr. Application Security Engineer II jobs in United States

Cars Commerce · 3 days ago

Sr. Application Security Engineer II

Cars Commerce is dedicated to simplifying the car buying and selling process through innovative technology. The Senior Application Security Engineer II will manage security tools within the software development lifecycle, create educational programs for developers, and ensure the application security aligns with best practices for cloud-based infrastructure.

Analytics, Content Marketing, Mobile Advertising, Web Development
No H1B

Responsibilities

Inventory all code developed internally and identify which codebases are production, internal test, or another internal/external/corp type
Tag all production code with code: production inside Snyk
Focus on ensuring all production codebases are using Snyk pipeline toll gates / help implement them
Design, drive and implement V2 roadmap for Snyk (Optimization) and engage in program maturity
Tool Management and Integration: Oversee and manage existing SDLC security tools (e.g., SAST, DAST, SCA) and integrate them effectively into the development workflow. This includes evaluating current tools, optimizing their configuration, and ensuring they provide actionable insights for developers
Developer Education: Develop and lead educational programs on secure coding practices, vulnerability mitigation, and emerging security threats. These could include regular training sessions, hands-on labs, and the development of a library of best practices to ensure a well-informed developer base
“Paved Roads” for Security: Create secure coding libraries, frameworks, and standardized processes that developers can adopt seamlessly. These will serve as “paved roads” for consistent, secure, and efficient code development across teams
Vulnerability Remediation Support: Provide developers with a resource for addressing vulnerabilities, guiding them in applying secure coding practices, and mentoring them to minimize security flaws
Cloud Security Expertise: Apply cloud-native security principles, ensuring that our applications follow best practices for securing cloud-based infrastructure

Qualification

Application Security, SDLC Security Tools, Cloud Security, Secure Coding Practices, Developer Education, Java, Python, JavaScript, DevSecOps, CISSP, CSSLP, GCIH, Interpersonal Skills, Communication Skills, Organizational Skills

Required

10+ years of application security experience, including hands-on experience with SDLC security tools and secure development practices
Proven development background (e.g., in Java, Python, or JavaScript) to effectively collaborate with engineering teams and create practical security solutions
Experience building security training programs and documentation to upskill developers
Familiarity with cloud-based security architecture and principles, particularly with AWS or other major cloud providers
Current certifications such as ISC2 Certified Software Security Lifecycle Professional (CSSLP), ISC2 Certified Information Security Professional (CISSP), or GIAC Certified Incident Handler (GCIH)
Proficiency in DevSecOps application security testing controls and methods, including Run-time Application Self-Protection, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Software Composition Analysis and Software Bill of Materials (SCA and SBOM), Threat Modeling, and penetration testing
Working knowledge of various scripting and programming languages such as Python, Ruby, Java, JavaScript, and SQL, including web application frameworks such as Ruby on Rails, run-time environments such as NodeJS, and API query languages such as GraphQL
Bachelor's degree in information security, information assurance, computer science, management information systems, computer information systems, or a related discipline
Demonstrated excellent interpersonal skills, ability to interface effectively with all levels of employees/management, excellent verbal and written communication skills, and excellent organizational skills

Benefits

Medical, Dental & Vision Healthcare Plans
New Hire Stipend for Home Office Set-Up
Generous PTO
Refuel - a service-based recognition program where employees receive additional paid time away to learn, grow and reset
Paid Holidays, Floating Holiday, Volunteer Day, Recharge Day

Company

Cars Commerce

Cars Commerce is an audience-driven technology company that simplifies buying and selling cars.

Funding

Current Stage
Late Stage

Leadership Team

Alex Vetter
Director, President and CEO
Company data provided by crunchbase