Sr. Application Security Engineer


This job is no longer active

About Us:

LogicMonitor is the leading fully automated, cloud-based infrastructure monitoring and observability platform for enterprise IT and managed service providers.

We love going to work and think you should too. We are customer-obsessed, work as one agile team, and strive to be better every day while building trust. These are our core values. So it's no surprise that we work hard and genuinely have fun working with each other as we expand our global presence and achieve record-breaking success.

This position can be remote, offering you the flexibility to work out of your home full-time. You'll have easy access to and support from your manager and frequent video meetings to keep you plugged into your team. If you are traveling to the area, we invite you to take advantage of our space if you would like to work in an office environment.

LogicMonitor is an equal opportunity employer. We’re committed to creating an inclusive environment for all our employees, where different backgrounds and perspectives are valued and encouraged - regardless of race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. We encourage all people to come as they are.

We operate with integrity, esteem diversity, and treat each other fairly and with respect. We strive to find our own versions of personal and professional harmony through community building and holistic growth. We hear time and time again that our awesome people are a huge part of why LMers chose LogicMonitor, love their teams, and choose to stay.

To learn more about life at LogicMonitor, check out our Careers Page.

What You'll Do:

LogicMonitor is disrupting the observability market and changing the way businesses take disparate sources of data and turn it into action. We are already a leader in this space - and we started by solving the hardest, most complicated problem first. With roots in the IT Infrastructure Monitoring space, we are on an evolutionary journey heading toward what’s next - unified observability. Our platform enables enterprise resiliency through data insights from the infrastructure, network, and application. As we enter this next phase of growth, we are in search of a Sr. Application Security Engineer.

As the Sr. Application Security Engineer, you will help drive and evolve our DevSecOps processes. You will be instrumental in analyzing, investigating, and validating the security of the applications owned by engineering development (a microservice-based SaaS application that runs primarily on K8s). You will work in tandem with a global software engineering team, mentoring them on security concerns, as well as proactively helping to educate our dev teams. You will partner with our Application Security Architect and fellow Application Security Engineers, as well as our InfoSec and Tech-Ops teams, to establish best practices, select tools, resolve issues, and, most importantly, help us create a comprehensive and proactive DevSecOps process.

Here's a closer look at this key role:

AppSec Analysis/Validation/Testing

  • Assist in onboarding components into automated AppSec testing prioritization by collaborating with relevant team stakeholders
  • Review findings to determine “True Positives” vs. “False Positives”
  • Create automated reporting on which application components exist vs. which have Veracode scans, to determine coverage percentages
  • Expand usage of AppSec testing tools across the organization
  • Utilize DAST tools to perform testing for each product release cycle
  • Assist in Development remediation discussion and prioritization for Penetration Test findings
  • Coordinate with other Application Security Engineers to ensure consistent unified processes, and resolve common issues

AppSec Dev Design/Architecture review

  • Assist in Threat Modeling discussions
  • Assist in Security projects and research work on an as-needed basis

AppSec general

  • Provide feedback on process improvements for the SDLC pipeline
  • Work with internal development teams to socialize and enhance reference documentation

What You'll Need:

  • 7+ years of experience with software development security
  • Intimate knowledge of the OWASP Top 10 / CWE Top 25 software vulnerabilities and how to address them using defensive coding
  • Background in the SaaS delivery model and threats specific to SaaS applications (ideally having served in a similar position before for a SaaS company)
  • Familiarity with application security maturity frameworks such as OWASP SAMM and/or BSIMM
  • Direct experience with Java. Familiarity with Python & Go
  • Familiar with Docker and K8s
  • Experience with managing/understanding Open Source security risks
  • Familiarity with application security analysis methodologies such as SAST, DAST, and SCA
  • Familiar with the AWS security model


Residents of California, click here to view our California Applicant Privacy Notice.