The role will include a range of responsibilities from authentication and authorization to compliance and automation. We focus on improving code quality and making work easier for everyone.
- Serve as a Subject Matter Expert (SME) in web application security for projects during development.
- Provide Application Security consulting and recommendations, ensuring the implementation of approved security requirements.
- Help improve the quality of our code throughout the whole stack. This will include writing fixes for individual problems as well as authoring “guard rails” which keep engineers from introducing problems in the first place.
- Contribute to code reviews, design discussions, and develop features and solutions that scale.
- Share application security knowledge with the members of the wider engineering team through training and internal blogging.
- Support the implementation and enforcement of secure design principles according to policies, standards, and patterns of Application Security.
- Plan, organize, and complete work within agile sprints. Communicate effectively on progress towards meeting expectations.
- Use the best software development practices and processes to coach and mentor other engineers to become proficient developers.
- Contribute to a team culture that values openness, inclusiveness, respect, quality, robustness, scalability, and humility while fostering innovation.
- Participate in security incident response when needed.
- Work with security product vendors and service providers to evaluate security offerings, including product evaluations, proof-of-concepts, and pilot installations.
- Collaborate with product management and other engineering teams to define initiatives and features.
- Our team runs its own services and is on call for those services 24/7.
The must-have skill sets
- Minimum one year of experience with modern JS libraries/frameworks (e.g. React, Angular, Vue, etc.).
- Deep understanding of each OWASP top 10 vulnerability
- Minimum two years of experience in a security role
- Knowledge of website security, such as headers, cookies, CORS, XSS, etc.
- Strong understanding of Web authentication technologies such as OAuth and SAML
- Knowledge of the Software Development Life Cycle (SDLC), both generating policy and the application thereof
- Understanding of TLS and encryption, down to individual ciphers and hashes, and their correct application
- Experience with hacking, pen testing, and security tools (e.g. Burp Suite, Kali Linux, Nmap, Ghidra, IDA Pro, John the Ripper, Metasploit)
- Strong technical communication skills
- Knowledge of object-oriented software design patterns and computer science fundamentals (e.g. data structures, algorithms)
- Understanding of web frameworks and ORMs (for instance, Active Record in Rails)
- Experience with relational DBs (e.g. MySQL) including the development of complex SQL queries and their security pitfalls
- Testing methods, including unit and integration tests
- Knowledge of Linux and networking
Good to have
- Knowledge of how to use and configure Docker and Kubernetes
- Contributions to open source projects
- Swagger/Open API tooling experience
- Knowledge of using fuzzing in a web context
- Experience working with real-time messaging, NoSQL storage, and asynchronous task queues (e.g. Redis, RabbitMQ, Kafka, Celery, or Spark)
- Understanding of security-related compliance topics such as SOC2, PCI, ISO 27001
Equal employment opportunity
Rezilyens is an equal opportunity employer and is dedicated to fostering an inclusive and diverse environment for employees from all walks of life. We hire based on talent and we’re proud of our global perspective.