Staff Application Security Engineer

Posted 20 Days Ago
Easy Apply
Be an Early Applicant
27 Locations
Remote
Mid level
Artificial Intelligence • Cloud • Software • Database
EDB, the leading Postgres Data & AI Platform, unleashes the power of Postgres for transactional, analytical, and AI work
The Role
The Staff Application Security Engineer will lead the transformation of security and development processes, focusing on identifying and mitigating vulnerabilities within the secure software development lifecycle. Responsibilities include supporting application security services, enhancing product security, managing vulnerabilities, producing security metrics, and collaborating with engineering and InfoSec teams.
Summary Generated by Built In

A Little About Us

EDB provides a data and AI platform that enables organizations to harness the full power of Postgres for transactional, analytical, and AI workloads across any cloud, anywhere. EDB empowers enterprises to control risk, manage costs and scale efficiently for a data and AI led world. Serving more than 1,500 customers globally and as the leading contributor to the vibrant and fast-growing PostgreSQL community, EDB supports major government organizations, financial services, media and information technology companies. EDB’s data-driven solutions enable customers to modernize legacy systems and break data silos while leveraging enterprise-grade open source technologies. EDB delivers the confidence of up to 99.999% high availability with mission critical capabilities built in such as security, compliance controls, and observability. For more information, visit www.enterprisedb.com

**Candidate Note: This position is 100% remote for candidates based in Germany, Italy, Spain or France only**

As an Staff Application Security Engineer at EDB you will report directly to the Director of Information Risk Management as a trusted member of the CISO staff. Your role leads the transformation of the security and development processes within EDB, helping the organization identify, repair and protect against vulnerabilities throughout a secure software development lifecycle (SDLC). You are responsible for understanding multiple security frameworks, translating objectives, partnering with stakeholders and promoting best practices across all EDB products. The ideal candidate must be comfortable working in a global environment that supports flexible work schedules, and a distributed security model. Whether you are looking to expand autonomy in your role, build a new security foundation, or just needing a change of pace this role is for you!
What your impact will be:

  • Support the development and implementation of EDB’s application security services to be consumed by product teams and within our global infrastructure. 
  • Serve as an expert on application security frameworks and objectives by assisting owners as they define new control activities and seek maturity in their development processes
  • Build tools, processes and solutions that improve the security of EDB’s products and data
  • Collaborate with internal engineering stakeholders on addressing systemic security issues
  • Grow and mature relationships with internal security SMEsin a way that bridges the gap between product teams and information security 
  • Support Vulnerability Disclosure Program, triage, assess and analyze vulnerability reports submitted through the VDP, prioritizing them based on severity, risk, and exploitability.
  • Coordinate vulnerability remediation, Work with internal development teams to reproduce, validate, and prioritize vulnerabilities. Facilitate timely patch development and deployment, ensuring efficient resolution.
  • Produce application security metrics that demonstrate a continually improving application security posture
  • Partner with InfoSec Program Management on the roadmap and execution of security initiatives.
  • Support and manage EDB’s Vulnerability Disclosure program 
  • Proficiency with threat modeling frameworks such as STRIDE, DREAD, PASTA, or OCTAVE.
  • Experience with threat modeling tools, especially the process of selecting and implementing a new tool to partner with a new threat modeling process.
  • Experience with Open Source Software (OSS) including familiarity with various open source licenses like MIT, GPL, Apache etc. 
  • Experience with implementation of security best practices related to securing the software supply chain, including patch management, vulnerability scanning, package management and tooling.

What you will bring:

  • Extensive experience working with developers and driving application security standards
  • Experience securing CI/CD pipelines enabling strong security controls through the implementation of commercial and custom built tooling
  • Conduct application design reviews and support the development of compensating security solutions
  • Drive the integration of secure development standards, tools, and processes into the development lifecycle
  • Experience in threat modeling frameworks and processes
  • Experience performing code audits on internal and open source libraries 
  • Experience with DAST, SAST, SCA as well as manual testing techniques
  • Ability to demonstrate strategic thinking beyond the specific responsibilities of the role
  • Effective communication skills with the ability to translate technical concerns into business risk impacts
  • Personal management of multiple projects, security events and incidents as required for the role
  • Seek to understand, lead with a collaboration first approach
  • Experience assessing technical footprints found within on-prem and cloud environments
  • Strong experience in NIST 800-218 SSDF, BSIMM, Owasp SAMM,  or similar frameworks

What will give you an edge:

  • RedTeam knowledge and experience
  • Experience performing security code reviews
  • Experience with IaaS cloud infrastructure, Infrastructure as code,  kubernetes container technologies, and software-oriented architecture
  • Knowledge of the MITRE ATT&CK Framework and attack chains
  • Experience building and operating security tools in Multiple Operating Systems and various languages (C, Go, JavaScript, Python, Ruby, etc)

EDB is committed to supporting our employees' overall well being by offering a range of benefits and resources to promote a healthy work-life balance and wellness. We provide access to CuraLinc to aid employees in health and wellness tips and practices, as well as Wellness Fridays extending to December 2024! Check out our career site for more information on perks and benefits and reach out to our Talent Acquisition team for region specific benefits.

We know it takes a unique mix of people and skills to help us in our mission to supercharge Postgres, and we understand that not everyone will check every box. We’d love to hear from you and we want you to apply!

EDB is proud to be an equal opportunity workplace. We celebrate diversity and are committed to creating an inclusive environment for all employees. EDB was built on a commitment to trust and respect each other and to embrace an array of people and ideas. These values remain at the center of our culture and are key to our company’s integrity. 

EDB does not seek or accept unsolicited resumes or CVs from recruitment agencies. EDB and its affiliates are not responsible for, and will not pay, any fees, commissions, or any other similar payment related to unsolicited resumes or CVs except as required in a written signed agreement between EDB and the recruitment agency or party requesting payment of a fee.

#LI-Remote #BI-Remote

Top Skills

Application Security
Security Frameworks
Threat Modeling
Vulnerability Management

What the Team is Saying

Jason
Kanchan
Aislinn
Richard
The Company
804 Employees
Remote Workplace
Year Founded: 2004

What We Do

EnterpriseDB (EDB), the leading Postgres Data & AI Platform, unleashes the power of Postgres to transactional, analytical, and AI workloads with unified governance and management. Built on the most extensible database, EDB extends Postgres to more workloads and supercharges it with built-in intelligence to optimize performance, cost, collaboration, governance and security. Now customers can manage more workloads from a single platform for database, data warehouse, data lakes and AI workloads from cloud to on-prem. EDB makes innovation possible for the world’s most powerful companies.

Why Work With Us

We thrive in an open environment, free from hierarchy and bureaucracy, where driven, smart, passionate, engaging people make EDB an inspiring and fulfilling place to work. We collaborate across 30+ different countries and allow people to be their authentic selves everyday. You'll get to work with kind and caring people who enable your success.

Gallery

Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery
Gallery

EDB Offices

Remote Workspace

Employees work remotely.

We are a 100% remote company where our team members have the opportunity to work right at home in their bunny slippers on their own schedules.

Typical time on-site: None
US

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account