Web Application Security Engineer
We’re a leading, global security authority that’s disrupting our own category. Our encryption is trusted by the major ecommerce brands, the world’s largest companies, the major cloud providers, entire country financial systems, entire internets of things and even down to little things like surgically embedded pacemakers. We help companies put trust—an abstract idea—to work. That’s digital trust for the real world.
Job Title: Senior Security Engineer - Web Application Security & DevSecOps
The Senior Security Engineer - Web Application Security & DevSecOps will join DigiCert’s crusade in delivering world-class Cyber Trust capabilities, continuously advancing global security operations by building programs to further strengthen DigiCert’s Security hygiene posture as well as activities to continuously protect against and evolve crisis response functions.
This exciting opportunity empowers strategic collaboration, joining forces across multiple business areas, and designing scalable systems to achieve DigiCert’s common vision.
As a Senior Security Engineer specializing in web application security and DevSecOps within our cybersecurity team, the candidate will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). This individual will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.
- Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.
- Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.
- Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.
- Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.
- Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.
- Establish and maintain strong relationships with executives and stakeholders, presenting complex security concepts in an accessible manner.
- Design and deliver security awareness training to developers and other relevant parties to foster a security-centric culture within the organization.
- Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.
- Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.
- Play an advisory role in the architectural design of new applications, emphasizing secure architectural patterns and best practices.
- Manage, excel and scale bug bounty program.
- Develop program documentation to promote operational stability and scalability.
- Support Leadership in strategic planning.
- Develop security policies and standards, as needed.
- Drive and support security identified remediation efforts.
- Foster and promote a security-forward culture.
- Mentor junior team members.
- Other duties and responsibilities, as assigned.
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, or a related field.
- Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.
- Minimum of 5 years of experience in cybersecurity, with a focus on web application security and secure SDLC.
- Proven track record of working with DevSecOps tools and methodologies.
- Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.
- Excellent communication skills with the ability to engage technical and non-technical stakeholders.
- Strong analytical and problem-solving abilities, with a meticulous attention to detail.
- Must have experience working in Threat Detection and Incident Response
- Advanced level of knowledge of Information Security design concepts and principles