Application Security Engineer

 As we continue to innovate and grow, we’re looking for a Senior Application Security or Product Security Engineer to join our team and help us stay ahead of security threats while delivering high-quality, secure products.

Why Join Our Security Team:

We take a unique approach to security, prioritizing enabling our customers and empowering our teams rather than relying solely on traditional security gates. We integrate pragmatic risk decision-making into our product development lifecycle, offering clear, scalable, and secure-by-default solutions. As part of a forward-thinking team, you’ll have the opportunity to implement emerging security solutions to protect our products, employees, and customers.

This role will primarily focus on application and product security, threat modeling, including bug bounty management, incident response, vulnerability management, and automation. You'll also have the opportunity to expand into other areas of security, providing strategic guidance and leadership in securing our cloud-native applications.

How You’ll Ramp:

Within the first 30 days, you'll:

• Meet with the global security team to understand our security goals, attack surface, and ongoing initiatives.
• Partner with engineering, product management, and IT teams to familiarize yourself with Sisense’s technology stack, products, and current security posture.
• Begin assessing the security strengths and weaknesses of our products and identify opportunities for improvement.

By Day 30, you’ll:

• Conduct an initial security assessment of Sisense’s products using a mix of automated scanning and custom security testing.
• Provide actionable recommendations to improve security processes and controls.
• Review code and production changes to ensure no new security risks are introduced.
• Collaborate with key stakeholders to ensure compliance with regulatory requirements (SOC2, HIPAA, ISO, GDPR, CCPA).
  

By Day 60, you’ll:

• Lead security improvements in our cloud environments and collaborate with third-party penetration testing vendors.
• Perform targeted offensive security testing to identify and address vulnerabilities.
• Promote security best practices across the organization and advocate for better security in product development.

By Day 90, you’ll:

• Implement continuous monitoring systems to proactively identify security issues across code, applications, and infrastructure.
• Assist in driving issues identified during internal and external penetration tests to resolution.
• Help grow and manage our bug bounty program, leveraging hacker-powered security to improve product safety.
• Establish a culture of security within the organization, ensuring all employees understand and are capable of mitigating security threats.
• Lead initiatives in DevSecOps automation, vulnerability management, and risk reduction strategies.
• Drive enhancements in security testing tools (DAST, SAST, open source security scanning, container security) and improve the overall security posture.
• Collaborate closely with product teams to recommend and implement security-related product feature enhancements.

What You’ve Accomplished So Far:

• 6+ years of experience in application security, product security consulting, or a similar role, with hands-on expertise in cloud security (AWS, GCP, Azure).
• Strong experience in securing cloud-based infrastructure and container technologies (Docker, Kubernetes).
• Expertise in programming languages such as Python, Java, JavaScript, Go, and Ruby on Rails, with a deep understanding of secure coding practices (e.g., input validation, session management).
• Extensive experience in penetration testing, vulnerability assessments, and conducting threat modeling exercises.
• Hands-on experience with security scanning tools and secure development lifecycle processes.
• A strong track record of working with development teams to integrate security into the software development lifecycle, from CI/CD pipelines to runtime.
  
• Experience in driving security processes and educating developers on secure coding practices.
  

You Are:

• A strategic thinker who can influence at all levels of the organization and drive security initiatives across the product lifecycle.
• A leader who can mentor and guide teams to integrate security seamlessly into product development processes.
• Experienced in making tough security decisions, balancing risk with business needs, and ensuring that security is an enabler of growth.
• A clear communicator with the ability to articulate security risks and solutions to both technical and non-technical stakeholders.
• Passionate about creating a security-first culture and promoting best practices across teams.
• Experienced in using data-driven approaches to identify security risks and track progress towards mitigation.

Nice-to-Have:

• Familiarity with GraphQL and experience with securing API-driven applications.
• Experience integrating security tools within the CI/CD pipeline.
• Knowledge of securing software development lifecycles, including automated and manual application security testing and source code reviews.

About Sisense:

We are a radically innovative BI company, redefining business analytics. We empower over 2,000 global customers, including leaders like Expedia, Flexport, Nasdaq, GE, Philips, and Tinder. Recognized in Gartner’s Magic Quadrant for Analytics and Business Intelligence, we foster a culture of continuous improvement, learning, and innovation. Our employees are driven by a shared mission to create actionable insights for businesses of all sizes.

We value diversity, creativity, and a growth mindset, and we’re constantly working to improve both our products and our company culture. If you are passionate about application security and eager to make a significant impact in a rapidly growing company, we’d love to hear from you.