Application Security Engineer

Application Security Engineer

Job Description

We are looking for passionate engineers to help us safeguard a platform that helps millions of people around the world create websites, stay in touch with friends and family, and run businesses online and be a part of our cloud transformation.

As an Application Security Engineer, you’ll be working with teams across the organization to guide secure architecture, design, and implementation. To aid with this, you will be constructing guardrails and paved paths that empower engineers to make informed security decisions.

Our core customer applications and product platforms include large-scale web hosting, ecommerce, and email services. We face an ever-changing threat landscape and need you to help us solve large-scale, complex problems that have real impact for our customers, our products, and for the larger Internet community.

What you’ll do & how you’ll make your mark

Review architecture and code and provide security guidance

• Review source code against secure coding best practices and contribute
  security requirements.
• Perform threat modeling and risk assessments for new and existing applications
• Collaborate with product managers, designers, and engineers to threat model
  and architect secure and resilient systems

Create a paved road for engineers to build securely

• Help build the platform that ensures software development at Newfold is safe,
  easy, and low-risk.
• Work with teams to develop solutions to common problems such as secrets management, remote access, supply-chain security, etc
• Work with subject matter experts to develop reference architectures and infrastructure as code with security built in

Cultivate and promote a security culture

• Champion an internal security culture.
• Help engineers understand how security events impact them.
• Work closely with development teams to integrate security best practices into the SDLC
• Provide guidance and training on secure coding practices and application security
• Collaborate with IT professionals to harden systems and applications

Who you are & what you’ll need to succeed

Required qualifications:

• Ability to clearly communicate security topics and vulnerability classes (e.g.
  OWASP Top Ten) and provide actionable direction to product teams.
• A record of partnering with internal engineering teams to tackle security
  problems across an entire stack with empathy and creativity.
• Hands-on experience in software engineering projects. We primarily develop in
  Java, Python, JavaScript, SQL, and Perl.
• Working knowledge of modern development concepts (virtualized
  environments, containerization, continuous integration + delivery).

Preferred qualifications:

• 3 or more years of experience in application security or product security roles
• Experience with cloud security and containerization technologies
• Working knowledge of network architecture and system architecture, including
  cloud infrastructure
• Knowledge of DevSecOps practices and CI/CD pipelines
• Familiarity with threat modeling methodologies and risk assessment frameworks
• Experience building or reviewing threat models and ability to craft malicious
  user, attacker, and abuse/misuse cases.

Why you’ll love us.

• We’ve evolved: We provide three work environment scenarios. You can feel like a Newfolder in a work-from-home, hybrid, or work-from-the-office environment.
• Work-life balance: Our work is thrilling and meaningful, but we know balance is key to living well.
• We celebrate one another’s differences: We’re proud of our culture of diversity and inclusion. We foster a culture of belonging. Our company and customers benefit when employees bring their authentic selves to work. We have programs that bring us together on important issues and provide learning and development opportunities for all employees. We have 20+ affinity groups where you can network and connect with Newfolders globally.
• We care about you : At Newfold, taking care of our employees is our top priority. We make sure that cutting edge benefits are in place for you. Some of the benefits you will have: We have partnered with some of the best insurance providers to provide you excellent Health Insurance options, Education/ Certification Sponsorships to give you a chance to further your knowledge,Flexi-leaves to take personal time off and much more. Building a community one domain at a time, one employee at a time. All our employees are eligible for a free domain and WordPress blog as we sponsor the domain registration costs.
• Where can we take you? We’re fans of helping our employees learn different aspects of the business, be challenged with new tasks, be mentored, and grow their careers. Unfold new possibilities with #teamnewfold!

This Job Description includes the essential job functions required to perform the job described above, as well as additional duties and responsibilities. This Job Description is not an exhaustive list of all functions that the employee performing this job may be required to perform. The Company reserves the right to revise the Job Description at any time, and to require the employee to perform functions in addition to those listed above.