As an Application Security Engineer will be contributing to improve the security within the SDLC by identifying and implementing appropriate security controls such as training the teams in secure development practices, implementing SAST flows and growing security testing capabilities.
You'll be the POC for AppSec for development and operations teams.
Key accountabilities :
- Develop and implement security protocols for our applications and services.
- Write and maintain security tooling and automations.
- Conduct regular security assessments and recommend improvements.
- Collaborate with the development team to ensure the application designs are secure.
- Assist with security incidents and provide post-event reports and analysis.
- Stay up-to-date with the latest security trends and countermeasures.
Minimum Qualifications :
- Bachelor's degree in Computer Science, Information Technology or a related field and 3 years of experience, or 5+ years of experience in application security or product security related roles.
- Strong knowledge of a programming language (Python, Javascript, Go, etc.).
- Experience with writing and maintaining security tooling and automations.
- Deep understanding of application and network security.
- Deep understanding with Threat Modeling methodologies and processes
- Ability to work independently and manage multiple tasks simultaneously.
- Excellent problem-solving skills and attention to detail.
Preferred Qualifications :
- AWS or GCP Architect certification (AWS Certified Solutions Architect, Professional Cloud Architect)
- Familiarity with DevSecOps and agile methodologies.
- Knowledge of cloud security best practices.
- Security certification, such as OSCP, CSSLP, CASE, etc.
- Experience in working with security frameworks like OWASP, SANS, NIST, or CIS.
- Proficiency in secure coding practices and a familiarity with static code analysis tools.
- Knowledge of encryption algorithms, secure communications, and data protection.
- Hands-on experience with implementation of Application Security Architecture and Controls (Web-Application Firewalls, SAST, DAST, SCA, etc.
in hybrid environments.
LI-MT1
LI-Hybrid
About Media.Monks :
Media.Monks is the purely digital operating brand of S4Capital plc that connects 8,600+ digital natives across one global team.
We are united by a mission to shift industries forward and pave the path towards ambitious outcomes so our clients and our people can realize their full potential for growth.
Our unified model combines solutions in media, data, social, platforms, studio, experience,
brand and technology services to help our clients continuously reinvent themselves throughout increasingly rapid cycles of disruption.
Our efforts to shape culture, build innovative technologies and unlock the future of growth have earned recognition from numerous esteemed panels : we maintain a constant presence on Adweek's Fastest Growing lists (2019-22), regular recognition at Cannes Lions, inclusion in AdExchanger's Programmatic Power Players (2020-23), the title of Webby Production Company of the Year (2021-23), a record number of FWAs, and have earned a spot on Newsweek's Top 100 Global Most Loved Workplaces 2023.
Together, these achievements solidify our experience in digital innovation, excellence in craft, and commitment to personal growth.
While we continue to grow our teams,
please be mindful of fraudulent job postings and recruiting activities that may use our company name and information.
Please be mindful to protect your personal information, especially your national identification number, and bank account information during a recruiting process.
While Media.Monks may reach out to potential candidates via LinkedIn, we will always ask applicants to apply through our website () and will never ask for payment or bank account information during the recruitment process.
Disclaimer :
Responsible for resourcing and implementing security controls for your teams processes and systems
Responsible that all your personnel apply information security in accordance with the established information security policy
