Application Security Engineer

At Onapsis we specialize in researching and developing IT security solutions to protect critical business applications, such as SAP and Oracle, of the world's largest companies and organizations.

About the tribe:

• Founded in 2009, with the room of one of our founders as the first office in Argentina, we became a company with a global presence with headquarters in Boston, and regional offices in Buenos Aires and Heidelberg.
• Our clients represent 20% of Fortune100 companies.
• We are top ranking of Great Place to Work in Argentina for more than 3 years.
• We are migrating to the cloud, respecting high levels of quality.

We pride ourselves of our inclusive culture and work as a team relying on all members of the tribe to succeed together. We are waiting for you to add value, learn and share your ideas (the crazier the better!). Help us hack everything that works ... and make it better.

We are looking for an experienced, passionate and creative Application Security Engineer to join our Product Security Team.

You’ll work closely with co-workers from various parts of the company creating innovative security software solutions used by some of the largest organizations of the world, offering input and suggestions from an engineering perspective. You have a solid understanding of computer science, software architecture, software-design patterns and testing that you’ll apply to the development of projects.

 Key activities and responsibilities:

• Pair development with the Engineering team, boosting secure coding and best practices.
• Designing and developing security automation capabilities into the Software Development Project life cycle.
• Conduct Threat Modeling on new product requirements.
• Conduct internal software security training.
• Conduct and design Incremental Security tests.
• Conduct platform security assessments and vulnerability patching
• Perform Security code reviews
• Verify reported vulnerabilities and exploits.
• Evaluate Security Releases and generate reports.

Required skills and aptitudes:

• 5+ years of technical experience with application security
• Understanding of the OWASP Top10 vulnerabilities
• Coding knowledge (Python)
• Intermediate spoken and written English level.
• Excellent written and verbal communication skills.
• Understanding of and experience with Software Development Project life cycle.

Desired skills and aptitudes:

• Practical experience on Threat Modeling.
• Knowledge of Penetration testing.
• Cloud infrastructure Principles (Basics)
• Hands on experience on penetration testing frameworks web/network.
• Understanding of Security Compliance and auditing (e.g., ISO 27001/27002, NIST 800-53, PCI DSS, CIS Critical Security Controls, etc.) is a plus

#LI-RB1
#LI-Remote