Sr. Application Security Engineer (United Kingdom)

at  Intermedianet Inc

ABOUT INTERMEDIA

Are you looking for a company where YOUR VOICE is heard? Where you can MAKE A DIFFERENCE? Do you THRIVE in a FAST-PACED work environment? Do you wake every morning EXCITED to work with GREAT PEOPLE and create SUCCESS TOGETHER? Then Intermedia is the place for you.
Intermedia has established itself as a leading provider of cloud communications and collaboration tech that allows companies to connect better. We have a strong track record of growth, profitability, and creating an environment where everyone matters. Everyone. While we are fast-paced and admittedly a bit intense, we promise that you won’t be bored. You will find Intermedia is a place where you can indulge your passion for creating and supporting great cloud technology. What’s more, we always look to promote from within and have many employees who have been with us 10, 15, and 20+ years!

ABOUT THE ROLE:

Intermedia has a wide portfolio of internally developed application software, ranging from web and desktop apps to lower-level PBX solutions. Due to the growing demand for integrating security activities into diverse development processes, Intermedia is looking for an experienced and self-motivated Application Security Engineer to help us deliver security built-in to our products.
As part of the Information Security global team, you will help lead our company wide application security program, helping the company build secure products. You will be the voice of security for all things related to application security to our spectrum of engineering teams. This is a chance to make your mark, leading the architecture and execution of our SDLC throughout the enterprise. This position is an individual contributor role, reporting directly to the SVP of Security.

WHAT YOU WILL BE DOING:

• Perform design and architecture review of new features, suggest security requirements
• Collaborate with DevOps and engineering teams, advising on security features and best practices in SDLC
• Utilize static security scanning tools, review findings and coordinate remediation actions
• Perform ongoing manual security assessments
• Review the results of external penetration tests and communicate suggested fixes to development teams
• Provide on-demand support on application security topics
• Drive process improvement ideas
• Assist with vetting and intake of defects from 3rd party security researchers via our Bug Bounty program

WHAT YOU WILL BRING TO THE ROLE:

• 4+ years of experience in the application security field
• Knowledge of secure coding best practices and industry standards (such as OWASP) and the ability to apply them to different programming languages
• Knowledge of SDLC and DevSecOps concepts and hands-on experience in implementing them
• Experience in using static and dynamic security scanning tools (such as Burp, ZAP, Snyk, SonarQube, Checkmarx and others)
• Knowledge of secure design principles and ability to architect and design secure software systems, considering security requirements and constraints
• 1+ years of experience in securing applications within cloud platforms (AWS, Azure, GCP) and containerized environments (Docker, Kubernetes)
• Ability to explain application security threats and mitigation options to both developers and project managers
• Good communication skills in written and verbal English
• Proactiveness and self-drive to move things forward with little or no supervision
• Strong sense of ownership, responsibility and drive
• Hands-on experience in integrating security testing tools within CI/CD pipelines