Overview

Principal Application Security Engineer – Santa Monica, 90404, United States of America 

How you’ll LEAD:

Our team is looking for a Principal Application Security Engineer to lead the protection and defense of our digital applications and software ecosystem.  This role will focus on detecting, mitigating, and responding to application security threats, ensuring that our applications and services remain resilient against cyber threats.  In addition, they will focus on penetration and application security testing concentrating on pre-release, post-release, and 3rd party applications.

We take security very seriously, and protecting our customers is our highest priority. If you are a self-starter who is passionate about security and is excited to work in a highly collaborative environment alongside a diverse team of experts every day, this position is for you.

In addition to having strong technical skills, you must be comfortable in effectively communicating with business leadership, our software development community, technical IT teams, and business partners, all while being sensitive to a wide diversity of cultural and technical backgrounds in a global business environment.

How you’ll CREATE:

  • Defend UMG applications by identifying and mitigating real-world attack vectors, including OWASP Top 10, API abuse, and software supply chain risks;
  • Conduct analysis and testing to verify the strengths and weaknesses of applications in various environments, utilizing commercial and open-source tooling;
  • Develop exploits based on assessments and/or ability to make modifications on existing exploits;
  • Identify and clearly articulate (written and verbal) findings to stakeholders;
  • Provide subject matter expertise with application security, advising the organization on best practices and emerging security threats;
  • Strengthen API security by enforcing authentication, rate-limiting, and anomaly detection against abuse and fraud;
  • Harden software supply chains by implementing SBOM standards, validating dependencies, and mitigating risks from 3rd party software;
  • Integrate automated security defenses into the CI/CD pipeline, ensuring security testing is continuous and proactive;
  • Assist in maturation of security champions program;
  • Assist in development of company specific application security training content;
  • Author best practices, guidelines, standards and policy; and
  • Other duties as assigned.

Bring your VIBE:

  • 8+ years of experience in Application Security, Product Security, or Security Engineering;
  • Strong knowledge of application-layer attacks, including but not limited to: SQL injections, XSS, SSRF, RCE, and API abuse;
  • Hands on experience with SAST, DAST, SCA, etc. tooling;
  • Experience with secure software supply chain (SBOM, dependency scanning, artifact signing);
  • Team player with the ability to both articulate thoughts and opinions but also listen and compromise; and,
  • Experience with media streaming security, Digital Rights Management (DRM), and/or anti-piracy a plus.

#LI-remote

 

Before you apply -
Register now and turn on alerts for jobs like this!

By registering you agree to our terms and conditions.

No thanks, continue to apply