Senior Application Security Developer at atVenu

Calgary, Alberta, Canada -

Full Time

Start Date

Immediate

Expiry Date

13 Jun, 26

Salary

0.0

Posted On

16 Mar, 26

Experience

5 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

Skills

Ruby On Rails, React, Vulnerability Management, PCI DSS, SOC2 Compliance, Security Audits, Penetration Tests, Code Reviews, Incident Response, Threat Modeling, Security Logs Analysis, Phishing Campaigns, Vendor Management, Threat Intelligence, Networking Security, AWS

Industry

Software Development

Description

Senior Application Security Developer - Job Description Reports To: Development Manager, Engineering & Security Location: Ideally in the Calgary area; can be remote/hybrid About the Job: With atVenu's accelerated growth, we need a Senior Application Security Developer to join the team. The successful candidate will be an adept Rails/React developer who enjoys looking backwards, refactoring legacy code to fix vulnerabilities, while keeping an eye towards the future developing new infrastructure features. They will have familiarity with PCI, GDPR, and SOC2 compliance/regulatory standards, and will have a keen interest in staying abreast of emerging security threats. They will be considered a subject matter expert in the field of software security and will be motivated to work collaboratively across teams, raising overall awareness of software security on a busy engineering team. Experience leveraging AI tools in software engineering and security would be nice to have. Our Tech Stack: Front End: React Native, React, JavaScript Backend: Ruby, Rails, GraphQL, PostgreSQL, Redis, CouchDb Cloud Platform: AWS Tools: GitHub, Sidekiq, Docker What You'll Do: Help shape our maturing security vulnerability management program, in support of our PCI DSS and SOC2 security compliance obligations Participate in vulnerability assessments, security audits, penetration tests and manual inspection Complete security code reviews with the use of scanning tools and manual inspection Support incident response and architecture review processes when application security expertise in required Integrate threat modeling practices into the product development life cycle Review/analyze security logs/reports from a variety of sources; propose/implement recommendations for improvement Conduct real time tactical management of security events in collaboration with compliance and engineering teams Create and execute phishing campaigns inclusive of ongoing review/analysis/risk prioritization authentic phishing emails Support Vendor Management activities to ensure security standards are adhered to What You'll Bring: 8+ years of developer experience, with at least 3 of those years specialized in security vulnerability management Proficiency with Ruby on Rails and React Proven experience in mobile application development (IOS/Android) Direct experience with enterprise server platforms, virtualized technology and cloud operations (AWS, Docker) Expertise in employing analytics/threat intelligence techniques, incident response process and software security Deep knowledge of compliance and privacy management across North America and Europe Experience in the use of development and testing tools iwth strong knowledge of networking security Excellent communicator capable of explaining vulnerabilities and weaknesses, and discussing effective defensive techniques to technical/non-technical team members Nice to Have: Programming experience in: unix/mac, javascript/ruby/shell reactjs/react-native/graphql/rest/rails/sidekiq/postgres/couchdb/redis strip/heroku/aws/github/rubymine

Responsibilities

The role involves shaping the security vulnerability management program to support compliance obligations, participating in security assessments, and completing security code reviews using scanning tools and manual inspection. Responsibilities also include supporting incident response, integrating threat modeling into the development lifecycle, and managing security events in collaboration with other teams.