FlashFood, LLC

Application Security Developer - REMOTE

FlashFood, LLC, Camp Hill, Pennsylvania, United States, 17091


As we continue our rapid growth at Flashfood, we are looking for a talented Application Security Developer to join our Engineering team. You'll lead the expansion of the Application Security Developer program at Flashfood. The team's mission is to proactively discover and fix security vulnerabilities and to implement solutions that automate, scale and enhance application security. We're looking for someone who is as passionate about automating key areas of the Secure Software Development Lifecycle (SSDLC) as about partnering with developers to securely build and fortify our applications. The key areas of focus for the AppSec Development program are: Secure Application Design, Tools/DevSecOps and Application Vulnerability Management.

Who We Are:

With the rising cost of food and the challenges faced by our supply chain, Flashfood has become a staple in many North American families. At Flashfood, we are on a mission to reduce the environmental impact of food waste and provide our communities with easier access to healthy, affordable food. We are tackling this gigantic problem together, with a diverse team of people from all over the globe.

What You Will Do:

- Propose solutions for secure application design, DevSecOps automation, tool optimization, application vulnerability management and strategies for risk reduction.
- Collaborate with Lead Devs, Product Managers, Program Managers, and other teams to deliver high-quality products.
- Build relationships with Infrastructure teams and Software Development teams.
- Work with multiple internal teams to ensure products are designed and implemented according to security policies, standards, and best practices.
- Work as part of the AppSec team using Agile methodologies.
- Lead AppSec SPLC programs such as the Security Champions program, AppSec Certification program, and numerous company-wide security events.
- Help identify and validate best-in-class security standards implementation.
- Validate findings from security scanning tools and ideate data-driven enhancement strategies for dynamic (DAST), static (SAST), open source application security testing (SCA) and container security scanning, including troubleshooting and continuous process improvement.
- Propose product feature enhancements to enhance the security of our application.
- Test, replicate and validate security vulnerabilities in applications.
- Perform threat modeling of upcoming features and products.
- Drive adoption of Policy as Code and adherence to software security metrics.
- Practical knowledge and experience working in public cloud environments and IAM solutions (Azure, AWS, GCP, etc.).
- You have a "can do" attitude. Our teams create high-quality work on quick timelines. Owning a problem doesn't scare you, but rather empowers you to take 100% responsibility for achieving our mission.
- You appreciate direct communication. You're both an active communicator and an eager listener, because let's face it, you can't have one without the other. You're cool with candid feedback and see every setback as an opportunity to grow.

Who You Are:

- 3+ years of work experience specializing in Application Security, preferably in a consulting role.
- 8+ years of IT experience, preferably in information security.
- Strong verbal and written communication skills.
- Knowledge of and experience with one or more AppSec tools such as Snyk, Orca Security, etc.
- Knowledge of OWASP Top 10 App/API and a deep understanding of web application and mobile app vulnerabilities.
- Experience in facilitating technical conversations between engineering and operations teams.
- Experience in analyzing system designs and code, and identifying security problems.
- Strong knowledge of the software release process and release pipeline.
- Strong programming skills in Python, Golang, or JavaScript/TypeScript.

Nice to Have:

- Understanding of regulatory compliance frameworks such as NIST, SOC 2
- Understanding of MITRE framework and threat intelligence
- Understanding of infrastructure as code
- Understanding of Kubernetes
- Strong knowledge of GitHub

Company Perks

- Competitive base salary
- Company-wide performance bonus
- Casual and remote-friendly work environment
- Flexible working hours
- Monthly team events (virtual friendly)
- Maternity & Parental Leave Top Up Plan
- Professional development opportunities - $1,750/year
- Opportunity to work with a growing company passionate about sustainability and making an impact on our communities

The requirements listed in job descriptions are guidelines, not hard and fast rules. You don't have to satisfy every requirement or meet every qualification listed. If your skills are transferable and you are in the ballpark with the number of years of experience Flashfood is looking for, apply. Applying gives you the opportunity to be considered.

Flashfood is an equal opportunity employer and is committed to providing an accessible recruitment process. Please advise should you need any accommodation throughout the recruitment process. All your information will be treated confidentially.