Copado · 2 days ago
Lead Applications Security Engineer (Product)
Collaboration · Developer Platform
Responsibilities
Conduct product design reviews, threat modelling, and technical security assessments of products to identify risks and provide security guidance
Drive security architecture best practices across different product lines
Scale the impact of our team through tooling and automation
Track and drive vulnerability remediation across our code base and cloud infrastructure
Partner with engineering teams to integrate reproducible security practices into the product development lifecycle
Collaborate with Product, Engineering, Legal, IT and other internal stakeholders to provide recommendations for solutions focused on decreasing business risk
Represent product security in our ISO27001, SOC 2, and FedRAMP audits
Author security guidelines and documentation
Qualification
Required
Collaborative Communication: You engage and listen empathetically to others, adjusting your communication style to fit the audience and message. You are experienced in communicating with technical and non-technical audiences, leadership, internal and external parties.
Mentoring: You enjoy using your knowledge and experience to support and uplevel those around you.
Motivated Learner: You learn new technologies and processes quickly, and understand where and how to look for knowledge when you need it.
Holistic Focus: You can get into technical security issues, but you are able to consider the security landscape holistically, factoring in both the business and security context.
Data Driven: Experience using data to inform decisions and familiarity with quantified risk.
Deep understanding of application security best practices, and how those fit into web application architecture and design principles.
In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
Demonstrated experience in building or uplevelling an SDLC program.
Strong organizational skills around compiling and disseminating the right amount of information for security issues to different types of audiences.
Relevant development experience in programming languages such as Java, Python, and JavaScript / Node.js.
Preferred
In-depth knowledge of the Salesforce platform, GCP, or AWS.
Experience with security and compliance frameworks (ISO 27001, SOC 2, FedRAMP).
Public speaking engagements or published research.
Professional security certifications (e.g., OSCP, OSCE).
Company
Copado
Copado is an end-to-end native DevOps platform built for Salesforce.
Funding
Current Stage: Late Stage
Total Funding: $270.83M
Key Investors: Insight Partners
2021-09-13 · Series C · $140M
2021-02-17 · Series B · $96M
2020-06-18 · Series B · $26M
Company data provided by Crunchbase