BrainRocket

Role Description We invite a Senior Application Security Engineer to join our team remotely. Please note: This will be a Service Agreement. We do not assist with visa sponsorship. - Demonstrated ability to collaborate with other teams to achieve complex objectives. - Responsible for security architecture design from cloud infrastructure to application through the implementation of "secure by design" principles. - Collaborate with product managers, architects, and developers on the implementation of the security controls platform ecosystem and products. - Proof security implementations within infrastructure and application deployment manifests and the CI/CD pipelines. - Define required policies, controls, and capabilities for the protection of products and environments. - Build and validate declarative threat models automation. - Participate in engineering teams’ product planning cycles and committees. - Oversee the product security aspects for migration of products and services from Data Center to public cloud, e.g., AWS. - Serve as a trusted cyber security advisor to product and application teams. Qualifications - Experience integrating security scanning/tooling into the development pipeline. - Experience in analysing and securing microservices and applications developed using JavaScript and Typescript. - Experience with CI/CD pipelines (such as Gitlab, Jenkins) and infrastructure-as-a-code models (such as Terraform, Helm, or CloudFormation). - Hands-on development experience in Python/shell scripting. - Strong understanding of supply chain security, software integrity, and secure software delivery. - Experience with Docker and mesh technologies (such as ISTIO). - Experience with architecture and security reviews, threat modelling, and application risk is highly desired. - Experience working with Agile methodologies. - Knowledge of privacy laws and regulations, such as GDPR desired. - Familiarity with industry regulations, frameworks, and practices. For example, PCI, ISO 27001, NIST, etc. Requirements - In-depth experience with architecting secure services on Kubernetes. - Extensive experience with architecting secure services on AWS or on-prem data centers. - Security-related professional certifications e.g., CISSP, CISM, CCSK, CCSP, CEH, are highly desirable. Benefits - 20 vacation days annually. - 6 sick days without a medical certificate. - Corporate events: international parties, team buildings, activities. - Career growth opportunities in a fast-growing company.