Application Security Engineer, Senior

Sorry, this job was removed at 10:42 a.m. (CST) on Monday, April 18, 2022

Datasite is the industry leader in technology solutions that enable mergers, acquisitions, initial public offerings, restructuring and other critical capital transactions in more than 170 countries. We provide the world's leading investment banks, private equity firms, law firms and corporations with tools to simplify, streamline and accelerate the due diligence process, helping them close more deals, faster. We are a global team of high-energy, passionate people. We have strong individual voices but we work as a team, bringing out the best in each other. We thrive under pressure and always keep the customer at the heart of everything we do.

Job Description:

The Application Security Engineer, Senior serves as the subject matter expert on implementing and testing secure systems and architecture requirements, performing architecture security and design reviews, and recommending secure solutions to protect Datasite's application, infrastructure and information assets across the enterprise in a way that is consistent with Datasite information system security standards.

Essential Duties and Responsibilities

  • Develop security stories and requirements by analyzing feature stories/epics from backlogs.
  • Collaborate with Product Managers, Scrum Masters, and Application Architects to identify and inject security requirements into the Acceptance Criteria of epics/stories.
  • Conduct Threat Modelling on various components of application solutions.
  • Hands-on coding of various security use cases into developers' unit, integration, Capybara/Selenium, and API testing.
  • Advocate using IDE security plugins that scan code for security bugs on developers' machines.
  • Perform security testing via Static, Dynamic or Interactive tools and rule out false positives.
  • Review, analyze, and help re-test various Pen Testing items.
  • Collaborate with DevOps engineers and be hands-on in developing security features/controls/tests as infrastructure-as-code in the CI/CD pipeline.
  • Research and monitor emerging security technologies, understand current industry and technology trends and opportunities, and assess their impact on the business.
  • Collaborate and consult with cross functional IT teams and business partners to identify risks, develop technical standards, specifications, guidelines, and implement appropriate information security controls.
  • Provide appropriate security guidance and answer technical and procedural questions for less experienced team members; teach improved processes and mentor team members through knowledge transfer to design and implement appropriate safeguards.



PMO and Project Life Cycle (PLC) interface:

  • Collaborate with the PMO and Scrum Masters to ensure technical security architecture requirements are included in projects/stories.
  • Ensure that individual projects remain aligned with security strategies, architectural designs and standards through governance oversight and mentoring.
  • Ensure consistency of architectural and technical solutions across projects.
  • Ensure that internally developed and vendor applications comply with industry best practices for coding including coding standards, design & code walkthroughs and pre-production testing.


Enterprise Architecture (EA) interface:

  • Build relationships and maintain effective communications with the lead architects and development groups throughout the organization.
  • Ensure projects comply with security related Enterprise Architecture policy and standards.
  • Collaborate with IT leadership and architecture/development teams to establish standards, policies, and procedures.
  • Collaborate with IT leadership and other architects to ensure solution patterns, technologies and toolsets align with long-range strategic plans and budgets.
  • Collaborate with other architects to define and promote architecture processes, outcomes, and results to the organization, including IT and business leaders.



Minimum Education

  • Bachelor's degree in Computer Science or related information technology field.
  • Security-related certification preferred: CISSP, CCSP, GSEC, SANS GIAC or equivalent.
  • Experience and Knowledge of ITIL, ISO, SDLC, SCRUM
  • Two years professional project management experience preferred



Minimum Experience

  • Passionate about Application Security
  • Minimum of 7 years of IT Security and/or Security Architecture experience
  • Bachelor's degree and CISSP, CCSP, GSEC, SANS GIAC or equivalent
  • System / OS hardening standards and methodologies
  • 5+ years in Application Development with focus on security on Java, .Net, AngularJS, Spring Boot framework, MongoDB, SQL Server etc.
  • Knowledge of OWASP Top 10 and vulnerability management
  • Experience in cloud computing based services architecture, technical design, and implementations including IaaS, PaaS, and SaaS delivery models
  • Preferably experience with setting up Secure Cloud configurations (Azure, AWS etc.)
  • Application security architecture concepts, security requirements, security testing methods
  • Demonstrated knowledge of SDLC and secure coding practices
  • Experience working with Agile/Scrum software development practice
  • Experience in working in DevSecOps culture
  • Knowledge and/or experience in Micro Service based Architectures, Cloud Foundry, cloud computing security, encryption and key management on Cloud platforms
  • Experience in static application security testing, dynamic application security testing, interactive application security testing, and penetration testing methodology, techniques and tools
  • Experience in Threat Modeling applications developed using micro-service based architecture
  • Knowledge in API Security and testing
  • Security knowledge of containers (e.g. Docker, Diego Cells etc.)
  • Database security configuration knowledge (MongoDB, Oracle, SQL)
  • Exposure to security issues within a regulated environment (HIPAA, SOX, GLBA, PCI, FIPS-140).



Additional Requirements

  • Strong communication and interpersonal skills and ability to operate in a matrixed environment
  • Strong team player
  • Process oriented and strong documentation skills
  • Ability to interact with internal/external clients/customers in a professional manner
  • Miscellaneous duties as assigned