We are Sisense.
A radically innovative BI company focused on redefining every aspect of business analytics. We love innovation; we always seek to better our solutions and delight our customers. Turning complexity into simplicity is our goal. Sisense provides a single-stack BI solution, from a blazing fast analytical server that can mash up complex data sets out of various source providers, to a killer analytical product that turns data into actionable insights using proprietary technologies that leave other analytical engines in the dust.
What are we looking for?
We are looking for a talented Senior Application Security Engineer to develop, design and implement security touch points into the Sisense product and support the trajectory of our new unified cloud product while maturing the existing on-premise product. This role will primarily focus on application security, and there will be plenty of opportunities to expand into other areas of Security Operations (vulnerability management, bug bounty, and Incident response) and Security IT (configurations, SaaS security tooling, and overall automation).
What will you do?
- Partner with the security team to understand the organizational mission, attack surface and help define the appropriate risk-based security initiatives
- Spend time with the engineering and product team to get up-to-speed on our technology stacks and current security controls
- Have a solid fundamental understanding of our products, people, processes, and technologies
- Perform an initial assessment on the strengths and weaknesses of the current stack through static analysis, automated scanning, and/or custom attacks
- Provide recommendations for identified opportunities from the current state processes
- Code review and other production changes to ensure no security issues are introduced
- Work with key stakeholders to ensure compliance of Sisense's internal procedures and compliance goals (SOC2, HIPAA, ISO, GDPR, CCPA)
- Drive security improvements to production environments and the deployment processes
- Perform targeted offensive security testing
- Promote better security throughout the company
- Implement continuous monitoring systems and tools to automatically identify potential security issues at the code, application and infrastructure layers
- Support external and internal penetration testing efforts and assist with driving issues to closure
- Assist with our bug bounty program and maturation of Hacker powered security
- Promote a security-first culture and ensure that all employees at Sisense are able to protect the organization from threats
What should you have?
- Experience working as a security engineer, consultant or similar position
- Security mindset as a business enabler and as part of the core security foundation
- Effective communication style and action- driven abilities
- Hands-on experience in configuring and hardening cloud-based infrastructure (AWS, Google Cloud, Azure, etc.)
- Experience with container technology (Kubernetes)
- Strong experience in Python, Java, JavaScript, Go and Ruby on Rails
- Demonstrated capability in secure coding (input validation, session management, etc.) and performing automated or manual static analysis
- Hands-on experience in conducting penetration testing and vulnerability assessment at the network and application layers
- Ability to dissect new systems, product requirements, features to identify and develop security requirements
- Basic understanding of security processes (access management, incident management, data security, etc.)
- Security certifications such as OSCP, CISSP, CEH, GWAPT, etc.