App Security Engineer
Insight Global (San Jose, CA)
Job Description
Area Description
The Cybersecurity team at GFiber leads the protection of our networks, systems, and data from
advanced threats. We champion the effort to ensure GFiber delivers internet services securely,
embedding security into the core of our offerings and making the secure path the default path
for our developers and customers.
This Senior Application Security Engineer position is a key role within the Cybersecurity team,
dedicated to proactively integrating security throughout the software development lifecycle
(SDLC). You will be at the forefront of designing, building, and deploying secure applications,
ensuring the resilience and trustworthiness of GFiber's services. This role is critical in maturing
our application security program and fostering a security-first engineering culture.
Role Description:
As a Senior Application Security Engineer, your mission is to ensure GFiber develops and delivers secure services and applications to our customers. You will achieve this by embedding security best practices, tools, and knowledge directly into our development processes and teams. You'll leverage your deep expertise in application security, secure coding practices, threat modeling, and automated security testing to empower our engineering teams. Your work will enhance our ability to design, build, and deploy secure applications effectively from the ground up.
We are a company committed to creating inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity employer that believes everyone matters. Qualified candidates will receive consideration for employment opportunities without regard to race, religion, sex, age, marital status, national origin, sexual orientation, citizenship status, disability, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected]. The EEOC "Know Your Rights" Poster is available here (https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf).
To learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy: https://insightglobal.com/workforce-privacy-policy/.
Skills and Requirements
In this role, you'll:
Champion Secure by Design Principles: Lead the integration of security into all
phases of the software development lifecycle (SDLC), from design and threat modeling
to secure coding, testing, and deployment, ensuring the "default path" is the secure path
for application development.
Leading Application Security Initiatives: Drive key projects to enhance GFiber's
application security posture, including the development of security standards, secure
coding guidelines, and the implementation of advanced security testing methodologies.
Driving Automation and Tooling: Design, implement, and optimize automated security
tools (SAST, DAST, SCA, IAST) and integrate them into CI/CD pipelines to provide rapid
feedback to developers and accelerate secure software delivery.
Evolving Threat Modeling and Security Reviews: Establish and lead threat modeling
efforts for new and existing applications, conduct in-depth security architecture reviews,
and perform manual and automated code reviews to identify and mitigate vulnerabilities.
Innovation and Mentorship in Security: Research, evaluate, and implement innovative
application security technologies and practices; act as a subject matter expert and
mentor to development teams, fostering security awareness and secure coding skills
across the organization.
At a minimum we'd like you to have:
Bachelor's degree in Computer Science, Information Security, a related field, or equivalent practical experience.
A minimum of 7 years of dedicated experience in application security, including hands-on
experience with secure SDLC practices, threat modeling, vulnerability assessment, and
penetration testing.
Proficiency in one or more programming languages (e.g., Java, JavaScript, Kotlin) and
experience with code review.
Strong experience with application security tools and technologies (e.g., SAST, DAST,
IAST, SCA, WAF).
It's preferred if you have:
Demonstrated success in developing, implementing, and maturing an application
security program or significant security features.
Experience building and deploying security solutions in GCP (Google Cloud Platform).
Deep understanding of common application vulnerabilities (e.g., OWASP Top 10, SANS
Top 25), attack vectors, and remediation techniques.
Experience in developing and delivering security training and awareness programs to
engineering teams.
Relevant security certifications (e.g., CISSP, CSSLP, GWAPT, GWEB, OSCP).
We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal employment opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment without regard to race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or the recruiting process, please send a request to [email protected].