Sr. Application Security Engineer - US Remote

Who are we?
Our technology is built on the idea that everyone should work from anywhere, at any time, and on any device. It's a simple philosophy that guides everything we do — including how we work. If you're an engineer with a passion for cloud security & governance, we'll give you plenty of ways to test your skills in cutting edge technology. We want employees to do what they do best every day. Be bold. Take risks. Imagine a better way to work if this sounds like you; then we'd love to talk.

What you'll do?
We’re looking for a highly motivated security engineer to join the OutSystems Product Security team to build modern security services via APIs and programmatically while continuing to build and secure the foundation of today. We need a hands-on Security Engineer with technology in researching, crafting, and implementing capabilities and defenses to secure and protect OutSystems Services and Cloud infrastructure.

As a Cloud and Application/product Security Engineer, you will be crucial in driving and integrating secure coding and SDLC efforts; including secure code reviews, threat modeling security reviews, penetration testing, and application scanning processes. You will partner with your fellow security engineers to keep OutSystems growing while keeping us secure!

Basic Qualifications:

• 5+ years industry experience in secure software development and threat modeling
• Proficient in at least 1 programming language such as JavaScript, Python, C/C++, Java, Rust, or Go
• Hands-on experience with databases and query design is a plus
• Excellent engineering-level understanding of web applications, web servers, layer 7 application technologies, frameworks, and protocols
• Superb communication skills, with the ability to influence at all levels of the organization, are essential to success
• Experience, automated and manual secure coding, software development, cryptography.
• 5+ years of experience performing web application security testing
• Deep experience with one of the big 3 clouds (AWS, Azure, GCP)

Preferred Qualifications:

• Mentor junior members of the team and act as a subject matter expert for application and cloud security and excellent written and verbal communication skills
• Possess self-drive to keep moving things forward even in the face of ambiguity and imperfect knowledge (avoid analysis paralysis)
• Strong sense of ownership, urgency, and drive and sharp analytical abilities and proven design skills
• In-depth knowledge of web and mobile security standards and best practices (OWASP, etc.)
• Strong foundation in core information security principles and concepts (HTTPS, TLS, OAuth, etc.)
• Experience with audits and standards requirements such ISO 27001, PCI DSS, SOC 1 & 2, NIST.
• Hands-on experience implementing event-driven security automation using a secure SDLC pipeline.
• You will establish and maintain thorough and accurate documentation as a code of all work.
• Have a solid understanding of software vulnerability management automation and remediation
• Hands-on experience securing cloud workloads and container technologies.
• Requires a University Degree or equivalent experience and a minimum of 5+ years of prior relevant experience
• CISSP/CEH/CPTE/OSCP
• SAFe - Scaled Agile Framework for Enterprise

What can you expect from OutSystems:

• The possibility to disrupt the software development market
• A company that cares about employees wellbeing and provides a safe and comfortable work environment, even during adverse times
• A world-class software engineering team with peers and leaders that are inspired to learn and share what they know
• A fast-growing company that provides many opportunities for you to grow
• Fun from day one: a relaxed work environment, colleagues from diverse backgrounds and with a diverse range of interests, fun company events

Curious about OutSystems culture? Find out more in The Small Book of the Few Big Rules.