Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

Staff Application Security Engineer

V

Vungle

Staff Application Security Engineer

San Francisco, CA
Full Time
Paid
Similar Jobs
  • Responsibilities

    Job Description

    We are seeking a Manager, Application Security to join our diverse team in San Francisco. This expert will help secure, harden, monitor, and analyze Vungle's platforms and applications deployed on cloud infrastructure.

    ROLE/RESPONSIBILITY:

    • Help build, maintain and manage central security policies for our internal applications.
    • Oversee existing Cloud Infrastructure Security team. 
    • Implement SDLC best practices and tooling that include but are not limited to code reviews, static/dynamic code analysis and vulnerability assessments.
    • Work alongside Product & engineering teams to review product requirement documents and analyze application architecture from a security perspective. 
    • Proactively review drivers and 3rd party libraries being used in application code and provide a patching schedule as needed.
    • Provide hands-on help to engineers in updating application dependencies.  
    • Identify gaps in existing security architecture and design and recommend changes or enhancements
    • Analyze the latest attacker vulnerabilities and develop approaches to detect them across the company's diverse applications and endpoints.
    • Partner with engineering teams to integrate security controls into continuous integration, delivery and deployment processes 
    • Analyze security data and report on threats and incidents across various platforms and environments.
    • Research and design ways to achieve risk reduction objectives in creative ways, including expanding our current tool stack where appropriate.
    • Be the subject matter expert for Application Security, provide guidance and training to Engineering and Product teams

    REQUIREMENTS:

    • 5-10 years total tech experience with cloud security focus.
    • Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security 
    • Hands on experience in Threat Modeling, SAST, DAST, and Web application security including OWASP top 10, CWE top 25 and SANS 25
    • Experience with implementing a cloud based container vulnerability scanning tool.
    • Development experience in one or more of these technologies: javascript, python, golang
    • Hands-on experience in driving end to end security for cloud applications - scanning, pen testing.
    • Hands on experience with GO to assist developers identify security vulnerabilities. 
    • Experience as an application security practitioner in an Agile, CI/CD environment
    • BS degree in Computer Science, Information Technology or relevant field Highly Desired Skills.

    GOOD TO HAVE:

    • Cloud Security and Architecture related certifications (Amazon AWS Certified Solutions Architect - Professional, Amazon AWS Certified DevOps Engineer – Professional).
    • Familiarity with PCI, SOC2, SOX, and ISO standards.

    ABOUT VUNGLE:

    Vungle is the trusted guide for growth and engagement, transforming how people discover and experience apps. Mobile application developers partner with Vungle to monetize their apps through innovative in-app ad experiences that are inspired by insight and crafted with creativity. Advertisers depend on Vungle to reach, acquire, and retain high-value users worldwide. Vungle develops tools that include data-led buying and UX recommendations, ad format innovation, creative automation, and more. Vungle's data-optimized ads run on over 1 billion unique devices to drive engagement and increase returns for publishers and advertisers ranging from indie studios to powerhouse brands, including Rovio, Zynga, Pandora, and Microsoft. The company is headquartered in San Francisco and has offices around the world in London, Berlin, Beijing, Tokyo, Seoul, and Singapore. For more information, visit www.vungle.com or follow the company on Twitter @Vungle

    AGENCY AND THIRD PARTY RECRUITER NOTICE:

    Vungle does not accept unsolicited resumes from individual recruiters or third-party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or Recruiting Team. All candidates must be submitted via our Applicant Tracking System by approved Vungle vendors who have been expressly requested to make a submission by our Recruiting Team for a specific job opening. No placement fees will be paid to any firm unless such a request has been made by the Vungle Recruiting Team and such candidate was submitted to the Vungle Recruiting Team via our Applicant Tracking System.