Principal Application Security Engineer I

Principal Application Security Engineer I

Outseer Fraud Manager is an advanced, omnichannel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML based Risk Engine, Outseer Fraud Manager is designed to measure the risk associated with a user's login and post-login activities by evaluating a variety of risk indicators. Using powerful machine learning and fine-grained policy controls, this anti-fraud hub only requires additional assurance, such as out-of-band authentication and transaction signing, for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most of the users, ensuring a frictionless end user experience and high fraud detection rates.

As a Principal Application Security Engineer, you will drive the development and implementation of advanced security practices, policies, and frameworks to ensure the integrity and confidentiality of our applications. Your deep technical knowledge, combined with your leadership skills, will guide our organization in effectively managing and mitigating application security risks while fostering a culture of security excellence.

• Provide principal leadership to the application security program, helping set the strategic direction, goals, and objectives to enhance the overall security posture of our applications.
• Develop and implement advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes.
• Conduct in-depth application security assessments, including code reviews, architecture reviews, and penetration testing, to identify and remediate complex security vulnerabilities and risks.
• Collaborate closely with development teams, architects, and stakeholders to provide expert guidance on secure coding practices, security design principles, and the selection and implementation of security controls.
• Define and maintain application security policies, standards, and guidelines, ensuring alignment with regulatory requirements and industry best practices.
• Drive the integration of security into the CI/CD pipeline and automated security testing tools and processes to enable secure and efficient application development and deployment.
• Evaluate and recommend emerging technologies, frameworks, and security tools to enhance application security capabilities, scalability, and efficiency.
• Lead incident response efforts for application security incidents, working with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities.
• Stay current with the latest application security threats, vulnerabilities, and attack vectors, and provide strategic recommendations and guidance to mitigate emerging risks.
• Serve as a subject matter expert and thought leader on application security, representing the organization in external forums, conferences, and industry working groups.

Bachelor's degree in computer science, Information Security, or a related field - or equivalent work experience.

• 10+ years of progressive experience in application security, with a focus on securing complex web and mobile applications.
• Extensive expertise in application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques.
• Strong knowledge of web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS).
• Proven experience conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing.
• Deep understanding of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies.
• Demonstrated ability to develop and implement secure software development lifecycle (SDLC) processes and integrate security into DevOps and CI/CD practices.
• Expertise in cloud security concepts and practices, with hands-on experience in cloud-native environments (e.g., AWS, Azure, GCP).
• Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell).
• Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) and active participation in industry forums or associations are highly desirable.
• Leader that can influence, motivate, and direct a workgroup to achieve results.
• Excellent communication skills both verbal and written.
• Project leadership with the ability to prioritize multiple assignments and / or deliverables.

Outseer is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Outseer are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Outseer will not tolerate discrimination or harassment based on any of these characteristics. Outseer encourages applicants of all ages.