Senior Application Security Developer

Senior Application Security Developer Reports To: Development Manager, Engineering & Security About the Job: With atVenu's accelerated growth, we need a Senior Application Security Developer to join the team. The successful candidate will be an adept Rails/React developer who enjoys looking backwards, refactoring legacy code to fix vulnerabilities, while keeping an eye towards the future, developing new infrastructure features. They will have a familiarity with PCI, GDPR and SOC2 compliance/regulatory standards, and will have a keen interest in staying abreast of emerging security threats. They will be considered a subject matter expert in the field of software security on a busy engineering team. Experience leveraging AI tools in software engineering and security would be nice to have. Our Tech Stack:

• Front End: React Native, React, JavaScript
• Backend: Ruby, Rails, GraphQL, PostgreSQL, Redis, CouchDb
• Cloud Platform: AWS
• Tools: GitHub, Sidekiq, Docker

You Will:

• Help shape our maturing security vulnerability management program, in support of our PCI DSS and SOC2 security compliance obligations
• Participate in vulnerability assessments, security audits, penetration tests and resolution of any findings
• Complete security code reviews with the use of scanning tools and manual inspection
• Support incident response and architecture review processes when application security expertise is required
• Integrate threat modeling practices into the product development life cycle
• Review/analyze security logs/reports from a variety of sources; propose/implement recommendations for improvement
• Conduct real time tactical management of security events in collaboration with the compliance and engineering teams
• Create and execute phishing campaigns inclusive of ongoing review/analysis/risk prioritization of authentic phishing emails
• Support Vendor Management activities to ensure security standards are adhered to

You Should Have:

• 8+ years of developer experience, with at least 3 of those years specialized in security vulnerability management
• Proficiency with Ruby on Rails and React
• Proven experience in mobile application development (IOS/Android)
• Direct experience with enterprise server platforms, virtualized technology and cloud operations (AWS, Docker)
• Expertise in employing analytics/threat intelligence techniques, incident response process and software security
• Deep knowledge of compliance and privacy management across North America and Europe
• Experienced in the use of the development and testing tools with strong knowledge of networking security
• Excellent communicator capable of explaining vulnerabilities and weaknesses and discussing effective defensive techniques to technical/non-technical team members

Nice to have:

• Programming experience in

• unix/mac,javascript/ruby/shell
• reactjs/react-native/graphq/rest/rails/sidekiq/postgres/couchdb/redis
• stripe/heroku/aws/github/rubymine

Powered by JazzHR 6v75ds0EPt