AppSec Engineer II

LivePerson (NASDAQ: LPSN) is the global leader in enterprise conversations. Hundreds of the world’s leading brands — including HSBC, Chipotle, and Virgin Media — use our award-winning Conversational Cloud platform to connect with millions of consumers. We power nearly a billion conversational interactions every month, providing a uniquely rich data set and safety tools to unlock the power of Conversational AI for better customer experiences.  

At LivePerson, we foster an inclusive workplace culture that encourages meaningful connection, collaboration, and innovation. Everyone is invited to ask questions, actively seek new ways to achieve success, nd reach their full potential. We are continually looking for ways to improve our products and make things better. This means spotting opportunities, solving ambiguities, and seeking effective solutions to the problems our customers care about. 

Overview:

The AppSec team at Liveperson is responsible for testing the security of LivePerson applications and environments, on-premises and cloud.  All of our AppSec team members are expected to have a thorough understanding of complex IT systems and stay up to date with the latest security vulnerabilities, standards, systems and protocols, as well as testing tooling and methodologies. 

This role manages SDLC integrated application security testing tooling and integrations, drives risk reduction and vulnerability remediation and assists in the closing of discovered vulnerabilities and weaknesses.

The right candidate will have a can do, follow-up and follow through attitude. They will be able to understand and assess our environments for vulnerability and communicate the associated risk to internal and external stakeholders.  

You will: 

• Manage and enhance application security tools (Static Code Analysis, Open Source vulnerabilities tools, Dynamic Application Security tools, etc), integrations, and develop in-house application security automation tools
• Validate discovered vulnerabilities using code review skills and manual/semi-automatic tooling like Burp.
• Validate external penetration test results and work with internal and external stakeholders.
• Perform some security penetration tests (both application and infrastructure for Web and mobile applications)
• Work with the engineering and security teams to provide actionable reporting, find and explain security issues, suggest mitigations, and determine when issues are mitigated.
• Stay up to date on the latest testing tools and techniques ensuring both your and the team is using the most effective and efficient methods.
• Produce both high level and detailed reports and metrics to support data-based decisions.
• Assist in creating and updating Application Security procedures, policy, standards and guidelines
• Train, coach and mentor other members of the team, development and the broader LivePerson Security and Engineering teams.

You have:

• Understanding of software security architecture and design
• Broad experience of information security and AppSec testing techniques
• Have practical experience in an application security role with manual testing
• Solid understanding of cloud environments (GCP especially), web protocols, weaknesses and vulnerabilities
• Good working knowledge of current IT risks and experience testing, exploitation and mitigation techniques
• Working knowledge or experience with one or more of the following: Shell, Java, Python, or Node.js
• Experience developing automation and exploitation scripts 
• Experience or strong interest in penetration testing, including cloud deployed applications
• Ability to interact with a broad cross-section of personnel to explain security vulnerabilities
• Highly curious and dedicated to continuous learning
• Excellent written and verbal communication skills 

Benefits:  

• Health: medical, dental, and vision
• Time away: 28 vacation days
• Development: Generous tuition reimbursement and access to internal professional development resources. 
• Additional: Food Vouchers.
• #LI-Remote

Why you’ll love working here:

As leaders in enterprise customer conversations, we celebrate diversity, empowering our team to forge impactful conversations globally. LivePerson is a place where uniqueness is embraced, growth is constant, and everyone is empowered to create their own success. And, we're very proud to have earned recognition from Fast Company, Newsweek, and BuiltIn for being a top innovative, beloved, and remote-friendly workplace. 

Belonging at LivePerson:

We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local law.

We are committed to the accessibility needs of applicants and employees. We provide reasonable accommodations to job applicants with physical or mental disabilities. Applicants with a disability who require reasonable accommodation for any part of the application or hiring process should inform their recruiting contact upon initial connection.

The talent acquisition team at LivePerson has recently been notified of a phishing scam targeting candidates applying for our open roles. Scammers have been posing as hiring managers and recruiters in an effort to access candidates' personal and financial information.  This phishing scam is not isolated to only LivePerson and has been documented in news articles and media outlets.Please note that any communication from our hiring teams at LivePerson regarding a job opportunity will only be made by a LivePerson employee with an @liveperson.com email address.

LivePerson does not ask for personal or financial information as part of our interview process, including but not limited to your social security number, online account passwords, credit card numbers, passport information and other related banking information. If you have any questions and or concerns, please feel free to contact [email protected]