Senior Application Security Engineer I
Bangalore, India
RSA Security
RSA provides identity intelligence, authentication, access & governance solutions, defending the world’s most secure organizations against cybersecurity risks.
Product Overview
Outseer Fraud Manager is an advanced, omnichannel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML-based Risk Engine, Outseer Fraud Manager is designed to measure the risk associated with a user’s login and post-login activities by evaluating a variety of risk indicators. Using powerful machine learning and fine-grained policy controls, this anti-fraud hub only requires additional assurance, such as out-of-band authentication and transaction signing, for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most users, ensuring a frictionless end-user experience and high fraud detection rates.
What you’ll achieve:
As a Senior Application Security Engineer, you will take ownership of securing our applications throughout the software development lifecycle and provide strategic guidance to ensure the highest level of security across our organization. With your expertise, you will mentor and collaborate with cross-functional teams, drive the adoption of best practices, and implement robust security measures to protect our critical assets, data, and customer information from security threats and vulnerabilities.
Essential Duties
- Drive the application security program, establishing strategic goals, objectives, and initiatives to enhance the overall security posture of our applications.
- Conduct comprehensive application security assessments, including manual penetration testing, code reviews, architecture reviews and vulnerability scanning, to identify and mitigate risks and vulnerabilities.
- Provide technical leadership and guidance to development teams, architects, and stakeholders on secure coding practices, security requirements, and the integration of security controls into the software development lifecycle.
- Develop and maintain application security policies, standards, and guidelines to ensure compliance with regulatory requirements and industry best practices.
- Collaborate with development teams to perform threat modeling, identify security design gaps, and recommend appropriate security controls and countermeasures.
- Conduct security reviews of third-party applications and vendors to assess their security posture and ensure compliance with our security standards.
- Lead incident response efforts for application security incidents, coordinating with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities.
- Stay up to date with emerging threats, vulnerabilities, and industry trends, and provide recommendations for proactive security enhancements.
- Mentor and train junior members of the application security team, providing guidance and knowledge transfer to develop their skills and expertise.
- Evaluate and recommend security tools, technologies, and frameworks to enhance application security capabilities and automate security processes.
Desired Requirements
- Bachelor’s degree in Computer Science, Information Security, or a related field, or equivalent work experience.
- 8+ years of professional experience working as an Application Security Engineer or in a similar role, with a focus on securing web and mobile applications.
- In-depth knowledge of application security concepts, including secure coding practices, authentication and authorization mechanisms, encryption, and vulnerability assessment.
- Demonstrated experience conducting manual application penetration testing, code reviews, and vulnerability assessments.
- Strong understanding of web and mobile application frameworks, languages, and technologies (e.g., Java, JavaScript, Python).
- Proficiency in application security tools such as static code analysis (SAST), dynamic application security testing (DAST), and penetration testing frameworks.
- Expertise in cloud security concepts and practices, particularly in cloud-native environments (e.g., AWS, Azure, GCP).
- Deep knowledge of web application security vulnerabilities (OWASP Top Ten), attack vectors, and mitigation techniques.
- Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell).
- Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) are highly desirable.
- Administration of security tools such as: Anti DDoS WAF, SAST and DAST.
- Secure software development lifecycle (SSDLC) and DevSecOps practices.
- Leader that can influence, motivate, and direct a workgroup to achieve results.
- Excellent communication skills, both verbal and written.
- Project leadership with the ability to prioritize multiple assignments and/or deliverables.
Desired Behaviors
- Adaptability: Demonstrates flexibility and openness to change. Actively seeks and adopts improved approaches and processes.
- Proactive Action: Takes initiative and is driven by results. Takes ownership of actions and outcomes, meeting commitments and striving for high performance.
- Effective Workload Management: Makes timely decisions, prioritizes tasks effectively, solves problems, monitors results, and takes corrective action when necessary.
- Technical Proficiency: Possesses a solid understanding of their role and responsibilities, demonstrating competence in performing tasks and utilizing relevant technical skills.
- Continuous Learning: Takes personal responsibility for learning and development. Recognizes personal strengths and areas for improvement, actively seeks feedback, and embraces opportunities to learn.
- Effective Communication: Demonstrates strong facilitation and written communication skills. Clearly articulates ideas and proposals, actively listens to colleagues' perspectives, and values diverse viewpoints.
- Collaboration: Shares information, fosters teamwork, and contributes to a positive work environment. Actively collaborates with others and encourages a sense of unity and cooperation among team members.
- Ethical Conduct and Competence: Acts with integrity and intent, displaying ethical character in all actions. Takes accountability for one's own behavior and aligns actions with the company's values and principles.
- Good Citizenship: Represents the values and interests of Outseer. Acts as a positive ambassador for the company and contributes to the overall well-being and success of the organization.
Outseer is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Outseer are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Outseer will not tolerate discrimination or harassment based on any of these characteristics. Outseer encourages applicants of all ages.
Perks/benefits: Career development