Introduction
Are you searching for an opportunity to play a key role in driving the dramatic growth of a highly successful software company?
At Poppulo, we’re working on what’s next in communications and workplace technology. As a pioneer in this industry, we understand that meaningfully reaching every employee is hard. And so is managing office space in a hybrid world. And so is improving the customer and guest experience. We exist to make each of these things easier. We exist to bring harmony to our customers.
And we do that at enterprise scale. Our omnichannel employee communications, customer communications, and workplace experience platform is trusted by over 6,000 organizations today, reaching more than 35M employees and delivering content to 500,000+ digital signs.
We know there’s no such thing as a “perfect” candidate - we’re all a work in progress and are growing new skills and capabilities all the time. We encourage you to apply for a position with Poppulo even if you don’t meet 100% of the requirements. We believe in fostering an environment where there is a diversity of perspectives, in hopes that we can all thrive.
Overview:
Poppulo is seeking a Senior Application Security Engineer to join our security team. The role of the Senior Application Security Engineer is to identify and anticipate vulnerabilities to protect Poppulo assets. They will use established processes and capabilities, and create new ones, to focus on vulnerability management, secure code development, software development lifecycles, and security assessments. They will support the development and maintenance of business continuity planning, data, systems, and network security for systems and controls related to their job duties.
Candidates should be flexible to work in UK shifts.
Role Responsibilities:
- Perform and support application security reviews, consulting, testing in coordination with developer operations, and threat modeling (using DREAD and STRIDE), including code review and dynamic testing.
- Own and perform application security vulnerability management.
- Support the bug bounty program.
- Facilitate and support the preparation of security releases.
- Support and consult with product and development teams regarding application security.
- Assist in creation of secure code training to end-users and developers.
- Assist in development of automated security testing to validate that secure coding best practices are being used.
- Participate in the planning, implementing, and managing of application security measures/technologies to protect the organization's information systems and networks.
- Assist with the review, development, and implementation of application security policies, procedures, and service documentation.
- Monitor application security systems to identify alerts and response efforts for potential application security events/findings.
- Develop and mentor junior staff through open communication, training and development opportunities, and celebrate their success.
- Facilitate our secure SDLC (Software Development Life Cycle), which includes AVS (Application Vulnerability Scanning), SD3+C, and PD3+C methodologies, etc.
- Manual Penetration Testing of our Products and Vendor Products.
- Develop detailed vulnerability reports for application owners and management teams.
- Conduct detailed penetration test report read-outs with application owners and management teams and provide remediation recommendations.
- Participate in On-Call rotations.
Skills & Experience Required:
- Bachelor's degree in Computer Science, Information Systems, a Cyber Security related field, or equivalent experience.
- One or more security-based certifications preferred, such as CISSP, Security+, GWEB, GWAPT, etc.
- 5+ years’ experience in some form of information security discipline; Information Security Engineering, Application Security Engineering, etc.
- 5+ years of experience performing network and application security testing.
- 5+ years of experience in software engineering working in .NET, JavaScript, React, HTML, AWS (Amazon Web Services) Micro Services, Python, and AWS-based lambda.
- 3+ years working on security principles in software engineering with strong knowledge in Open Web Application Security Project (OWASP) security principles.
- Experience with the NIST or ISO 27001/2 security frameworks.
- Experience participating in SOC-based independent audits is a plus.
- Ability to use GitLab/GitHub/CICD Pipelines.
- Familiarity with common security libraries, security controls, and common security flaws.
- Basic development or scripting experience and skills.
- Experience with OWASP, static/dynamic analysis, and common security tools.
- A deep understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS).
- Experience working with developers.
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Experience identifying security issues through code review.
- Strong problem-solving skills and self-motivation to learn and upskill regularly.
- Experience working in a global hybrid environment with teams applying an agile methodology.
- The ability to work independently and across functional teams while developing key working relationships.
- IT (Information Technology) experience and understanding of common devices, equipment, environments, network diagrams & systems.
- Extraordinary communication (verbal and written) and problem-solving skills with an ability to deliver on time and work with minimal direction.
- Proven record of producing documentation relating to application services.
Preferred:
- Experience working asynchronously.
- Involvement in local or regional security user groups or conferences.
- A team-first, collaborative approach.
- Ability to explain complex technical issues clearly and confidently in simple and understandable terms.
- Must be able to adapt quickly to ever changing requirements and priorities.
Who We Are
We are a values-driven organization that encourages our employees to bring their authentic selves to work every day and empowers everyone to make a tangible impact on our products, clients, and culture. We offer a dynamic environment with driven, fun, and flexible individuals who thrive on challenge and responsibility. This is an opportunity to contribute to our culture and join a company that’s on the move.
We live the Poppulo values each day, as they are key to everything we do.
We show up authentically, are self-aware and always strive to be better.
- See it. Own it. Solve it.
We proactively innovate and solve for our customers and each other. We set an example with high standards for our work. We foster a culture of learning, acknowledging our successes and our failures.
We value and celebrate our diversity. We learn from others, respecting their expertise, and focus on building trust. That's what makes us a team.
Named a Great Place to Work in 2015, 2016, 2017, 2018, 2019, 2020, and 2021, we are a fast-growing global technology company, with offices in Ireland, the US, and the UK.
Poppulo is an equal opportunity employer.
We are committed to protecting your privacy. For details on how we collect, use, and protect your personal information, please refer to our Job Applicant Privacy Policy.