Application Security Architect

Acoustic

IT
Gdańsk, Poland
Posted on Saturday, September 16, 2023
Are you a high-energy, motivated, smart individual who thrives in a dynamic environment? As a member of a talented and progressive security team, your contributions will immediately affect the organization's success. The Acoustic Security team is looking for an experienced application security engineer to join a team focused on securing the next-generation digital marketing platform.

Work alongside passionate security professionals in a complex environment. This position leads application security of Acoustic products and platforms, to be used by thousands of customers worldwide. This role handles working with the engineering team responsible for using scalable systems to manage our customers’ data consisting of hundreds of millions of contacts and associated attributes. You will research innovative security technologies and processes and work with fresh solutions that can be used to improve security within a cloud environment.

What will you do:
  • Lead application security reviews and threat modeling, including code review and dynamic testing
  • Identify top product risk areas and lead risk-reduction initiatives with cross-functional teams
  • Guide and advise product development teams as a SME in the area of application security
  • Provide expert guidance and direction for developers when they encounter challenges with vulnerability remediation.
  • Discover security vulnerabilities and devise mitigation strategies, as well as report and resolve technical debt
  • Assist teams in reproducing, triaging, and addressing application security vulnerabilities
  • Lead in development of automated security testing to validate that secure coding best practices are being used
  • Develop security standards and guidelines for application security and technologies
  • Assist the development teams with use of security assessment tools and integration of security assessment tools into the build and development processes (e.g., DAST, SAST, SCA, etc.)
  • Develop security training and socialize the material with internal development teams
  • Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area
  • Support development and devops teams with deployment and support of application protection solutions (e.g., WAF, RASP)
Requirements
  • 1+ years of experience in design review and/or threat modeling
  • Expertise in web application and API security
  • Experience in at least one programming language like Java, Go, Python or NodeJS
  • Ability to work well with software development teams
  • Experience identifying security issues through code review
  • Strong understanding and experience with common security tools and libraries (e.g., static analysis tools, DAST tools, proxying/penetration testing tools)
  • Strong understanding of common security flaws and ways to address them (e.g., OWASP Top 10)
  • Practical experience with scripting to automate tasks using languages such as Python or Go preferred
  • Strong understanding of web related protocols and APIs
  • Strong understanding of application protection solutions (e.g., WAF, RASP, IAST)
  • Knowledge of integrated security best practices in continuous integration and continuous deployment (CI/CD) pipelines
  • Experience with using Git, GitHub, and an IDE for development work.
  • Familiarity with Docker concepts
What will set you apart?
  • A guardrail, not gates, mentality
  • Experience with application security assessment tools such as Burp Suite
  • Experience with deploying security infrastructure as code in AWS and Azure
  • The ability to thrive in a fast-paced work environment that requires independent self-direction, strong attention to detail, and an aptitude for team collaboration and open communication
  • Excellent troubleshooting and problem-solving skills.
  • Strong communication skills and the ability to communicate ideas effectively
  • Demonstrated passion for technology
  • Not afraid of failure and willing to fail fast so you can move onto new ways of doing things