Application Security DNA Software Engineer

Reference: KRK/SECENG
Closing date: 01 Dec 2017
Hours: 40 hours per week
Contract type: Full-time
Location: Krakow, Poland
Description

We are looking for highly motivated, self-starting software engineers to take on a full-time role within a new “App Sec DNA” team.

The App Sec DNA Team

The App Sec DNA (Application Security DNA) team will be responsible for providing central tools, libraries, expertise and guidance to make it easier and faster for dev teams to write and run secure systems.

To get a feel for the kinds of tasks that the team would get involved with, see the nascent Application Security backlog. There are already many more tasks to add to this backlog.
For those not familiar with the App Sec role, you might be interested in watching Netflix’s App Sec Engineers talking at a hacker conference last year. The team define what they do at 8min 30sec into the video.

What we’d like you to do

  • Evaluate, make recommendations for, and oversee implementation of centralised security tooling, e.g.:
      • Static analysis tools
      • Dynamic analysis tools
      • Fuzz testing tools
      • Open-source library vulnerability detection and reporting tools
      • Security monitoring and alerting tools (in-house or third-party)
  • Help assess SDLC security gap risks, and propose remedies
  • Improve in-house tools for reporting, exposing and auditing security activities (e.g. threat modelling, code reviews, security vulnerabilities found / fixed)
  • Author reference implementation security libraries for internal use
  • Research security best practices in other organisations
  • Keep abreast of new vulnerabilities and attack vectors, and associated countermeasures
  • Help penetration test new and existing applications
  • Help perform security focussed code reviews
  • Drive other tasks on the Application Security backlog

Working with

You would work in collaboration with the Security Chapter, development teams and Development Managers, Head of Architecture, Head of Security, and our Cloud Services team. 

Skill set

  • Self-starting, focussed on delivery
  • Desire to work with, and influence, other teams
  • Security awareness, including web application security awareness
  • Java, Python, or C#

If you are interested in the above job opportunity, please send your CV to krakowjobs@ocado.com
