SiriusXM Radio, Inc.

Application Security Engineer

SiriusXM Radio, Inc., Washington, District of Columbia, us, 20022


Who We Are:

SiriusXM and its brands (Pandora, SiriusXM Media, AdsWizz, Simplecast, and SiriusXM Connect) are leading a new era of audio entertainment and services by delivering the most compelling subscription and ad-supported audio entertainment experience for listeners, in the car, at home, and anywhere on the go with connected devices. Our vision is to shape the future of audio, where everyone can be effortlessly connected to the voices, stories and music they love wherever they are.

This is the place where a diverse group of emerging talent and legends alike come to share authentic and purposeful songs, stories, sounds and insights through some of the best programming and technology in the world. Our critically acclaimed, industry-leading audio entertainment encompasses music, sports, comedy, news, talk, live events, and podcasting. No matter their individual role, each of our employees plays a vital part in bringing SiriusXM's vision to life every day.

How you'll make an impact:

The Application Security Engineer will join the security organization to support SiriusXM technology objectives. The ideal candidate has a passion for finding opportunities and inspiration to solve security challenges and will do so by providing tools, guidance, context and continuous support to ensure the security success of our software and applications.

What you'll do:

- Build and document security features to enable developers to write secure code.
- Facilitate the implementation and continual improvement of a secure SDLC.
- Create secure tooling, enabling security by default by building security and tooling into the software development process, conducting regular audits and tests to identify risks, and prioritizing fixes.
- Drive the technical implementation of our security solutions by providing necessary guidance and technical leadership to the SiriusXM engineering community.
- Develop and improve the Application Security capabilities of SiriusXM by continually designing runbook procedures and expanding the scope and capabilities of security tools.
- Take on consulting and systems development responsibilities for needs brought to the Application Security team by the business.
- Write and design SDKs, container images, guardrails, and testing suites.
- Design, implement, facilitate, and maintain tooling and frameworks that make adoption of security guardrails and best practices easier for developers working in our code bases.
- Participate in the design and implementation of applications, services, and infrastructure to ensure security and privacy design principles are being followed by performing security reviews and threat modeling.
- Work within a collaborative team to develop scripts and software that solve security automation and development needs.
- Aid in secure code reviews, focused on security bug reduction.
- Develop documentation, training, and security baselines to inform and educate engineers, IT practitioners and developers on best practices.
- Deploy, manage, and tune infrastructure used to protect our applications from common vulnerability exploitation, account takeover, and denial of service attacks.
- Triage, escalate, and remediate vulnerabilities found as part of our vulnerability management program and bug bounty program, and those discovered in enterprise penetration tests.
- Work with the product management teams to prioritize fixes for vulnerabilities and work with engineering teams to understand how to fix these issues.
- Conduct root cause analysis of security findings to develop systematic improvements to development processes, tooling, and security checks.
- Fix vulnerabilities, build in security telemetry/instrumentation, and add security features to our products/applications.
- Participate in the architecture and planning for company-wide security efforts.
- Form a strong relationship with developer teams and serve as point of contact and security SME for questions arising around secure development.
- Actively participate in all facets of the incident response lifecycle.

What you'll need:

- 3+ years of software development experience, 2+ years of security (direct or adjacent) experience.
- Proficient in at least one primary development language (preferably Python and Java/Scala).
- Some experience with mobile application security preferred (Kotlin and Swift).
- Experience with internal development for identity management, Cognito, OIDC, SAML, and SSO integration development.
- Experience with AWS and/or GCP.
- Experience calling REST and/or GraphQL APIs.
- Experience administering application security tools such as SAST, SCA, DAST.
- Knowledge of OWASP classifications and how to implement security checks for these vulnerabilities.
- Ability to understand security code reviews.
- Understanding of continuous integration, testing, and delivery.
- Ability to discover, document and fix security bugs.
- Experience using Git and related development processes in a professional setting.
- Knowledge of JIRA (issue/bug tracking) and Confluence.
- Experience writing educational documentation or knowledge bases.
- Security mindset, self-starter, and ability to operate independently.
- An organized and responsive problem solver.
- Excellent oral/written presentation skills with the ability to teach and communicate effectively to developers and leadership.
- Passionate about understanding complex systems.
- Eager to learn, adapt, and improve your work.
- Must have legal right to work in the U.S.
