Application Security Engineer

COMPANY OVERVIEW

Domo is a cloud-native data experiences innovator that puts data to work for everyone. Underpinned by AI, data science, and a secure data foundation, our platform makes data actionable with user-friendly dashboards and apps. With Domo, companies get intuitive, agile data experiences that power exponential business impact.

POSITION SUMMARY

The Application Security Engineer position at Domo plays an integral role in Domo’s Secure Development Lifecycle. Individuals in Domo AppSec are passionate about working closely with the rest of engineering (product managers, developers, and QA) to deliver trusted solutions on the world's best data solutions platform. Identification, Prevention, Remediation, and Response are at the center of the day in the life of a Domo Application Security Engineer. This role has direct product impact and influence spanning multiple engineering teams. AppSec engineers at Domo regularly work with teams on architecture, configuration, threat modeling, penetration testing, and driving engineering and mitigation practices.

KEY RESPONSIBILITIES

  • Perform security-focused code reviews
  • Support and consult with product and development teams in the area of application security, including threat modelling and AppSec reviews 
  • Assist teams in identifying, reproducing, triaging, and addressing application security vulnerabilities 
  • Support bug bounty programs and third-party penetration testing. 
  • Assist in the development of security processes and automated tooling that prevent classes of security issues 
  • Lead application security reviews and threat modelling, including code review and dynamic testing 
  • Security testing to validate that secure coding best practices are being used. 
  • Guide and advise product development teams in the area of application security for full-stack applications and solutions: cloud, microservices, mobile, desktop and web. 
  • Assist with recruiting activities and administrative work 
  • Develop security training and socialize SDLC material with internal development teams. 
  • Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area. 
  • Serve as mentor to other AppSec team members, providing guidance and support. 
  • Lead and influence cross-functional positive changes across the Security organization. 
  • Provide expert guidance and direction for other team members when they encounter challenges in their security reviews. 
  • Regular use, reporting, and remediation of SAST, DAST tool findings. 
  • Monitor and influence configuration and dependency management. 
  • Analyze, implement, and steer cloud configurations and deployment practices. 
  • Advocate for secure and compliant implementations meeting or exceeding customer and regulatory expectations 

JOB REQUIREMENTS

Essential:

  • Relevant experience of 3 to 5 years in application security or a related field
  • Ability to use GitHub and other repository tools 
  • Experience identifying security issues through code review 
  • Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner 
  • Experience reviewing frameworks such as React, Angular, Vue, Spring, etc. to identify common flaws and patterns
  • Ability to explain common security flaws and ways to address them (e.g., OWASP Top 10) 
  • Solid development or scripting experience and skills. Java and Spring, Kotlin, .NET, JavaScript, HTML, CSS, C++, and/or Go are preferred
  • Solid understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS)
  • Strong understanding and experience with common security libraries, security controls, and common security flaws (e.g. static analysis tools, proxying/penetration testing tools) 
  • Be a subject matter expert (SME) in multiple technical areas impacting the security of the product 
  • Strong experience working closely with developers 
  • Significant web and mobile penetration testing experience 
  • Experience securing and analyzing micro-services cloud infrastructure with web, mobile, and on-prem software solutions 

Desired:

  • Experience with Data platforms and/or Domo 
  • Security certifications (e.g., CISSP, CEH, or others) are a plus 
  • Bachelor's or Master's degree in Computer Science, Information Security, or a related field 
  • Knowledge of cloud security principles and technologies 
  • Familiarity with container security and orchestration tools (e.g., Docker, Kubernetes) 

LOCATION: Pune, India 

INDIA BENEFITS & PERKS  

  • Medical cash allowance  
  • Maternity and paternity leave policies   
  • Baby bucks: a cash allowance to spend on anything for every newborn or child adopted   
  • Haute Mama: cash allowance for maternity wardrobe benefit (only for women employees)  
  • Annual leave of 18 days + 10 holidays + 12 sick leaves   
  • Sodexo Meal Pass   
  • Wellness Benefit: cash allowance for gym memberships or fitness program  
  • One-time Technology Benefit: cash allowance towards the purchase of a tablet or smartwatch  
  • Corporate National Pension Scheme   
  • Employee Assistance Programme (EAP): A team of counsellors, psychologists, and work-life consultants gives you easy access to the right kind of support and guidance whenever you need it  
  • Marriage leaves up to 3 days   
  • Bereavement leaves up to 5 days

Domo is an equal opportunity employer.

Domo provides a SaaS-based Data Experience Platform that empowers CEOs and business leaders with direct access to data, enabling real-time insights and actions.

This job is no longer available