We’re looking for a Senior Application Security Developer to help us straddle the worlds of cutting-edge information technology and a business that is at the forefront of innovative, explosive growth. The web application security development team is a business enabler that will be working to understand the technical risks of the application environment, translating that into tangible business risk, and arriving at a happy medium that allows the company to propel forward whilst remaining secure. This role reports to the Director of Information Security and is based in Hootsuite’s Vancouver office (post-COVID-19) or remotely across Canada or the US (in accordance with Hootsuite's local employment entities). The successful candidate may need to be able to travel from time to time to other Hootsuite offices.
WHAT YOU’LL DO:
- Lead vulnerability reviews and risk assessments for multiple highly complex environments.
- Perform code reviews using Static Application Security Testing (SAST) tools and triage the scan findings in the report.
- Be responsible for the bug bounty process, including guiding the remediation efforts.
- Advise on the design and implementation of secure cloud infrastructure.
- Conduct threat modelling on complicated applications or services as part of the security review process.
- Organize and train developers on Secure Design and Coding practices.
- Provide operational support in the review and approval of access requests and security configuration changes.
- Help us implement a Secure SDLC by integrating Security throughout the development lifecycle.
- Review application architecture and business logic to identify flaws and provide solutions to remediate them.
- Work with development teams to ensure security testing objectives are met.
- Perform ad-hoc application penetration tests to determine security vulnerabilities.
- Work with other Information Security teams to ensure security risk and compliance objectives are addressed.
- Participate in on-call rotation activities as needed and handle Incident Response activities.
WHAT YOU’LL NEED:
- Degree or Diploma in Computer Science or Engineering, along with industry recognized certifications in cyber security is an asset.
- Senior level experience in one or more of the following roles - application security, network security, cyber security.
- Experience in microservice-based architecture with any of the Cloud Service Providers like AWS, Azure, GCP, etc. would be an advantage. Experience or knowledge of the Kubernetes environment will be an advantage.
- Thorough understanding of web and mobile application security vulnerabilities, including but not limited to the OWASP Top 10 list of vulnerabilities. Experience in providing solutions to and leading numerous security vulnerability remediation activities.
- Experience in performing penetration testing for applications both manually and using automated tools (commercial or open source) like Burp Suite, Nikto, Appscan, Veracode/Fortify, WebInspect, Skipfish, etc.
- Experience in Penetration testing on Mobile applications will be an advantage.
- Experience with Static Application Security Testing tools like Veracode, Fortify, etc.
- Very good understanding of networking and operating system concepts and technologies. Prior experience as a developer would be an asset.
- Collaboration and Teamwork: works with others to deliver results, meaningfully contributing to the team and prioritizing group needs over individual needs
- Influence: Asserts own ideas and persuades others, gaining support and commitment and mobilizing people to take action
- Open Communication: clearly conveys thoughts, both in writing and verbally, listening attentively and asking questions for clarification and understanding.
- Customer Focus: demonstrates a desire to proactively help and serve internal/external customers in meeting their needs.
- Problem Solving: uses an organized and logical approach to find solutions to complex problems. Looks beyond the obvious to understand the root cause of problems.
WHO YOU ARE:
- Tenacious. You are determined to succeed, and you are motivated by the success of customers, colleagues and the community.
- Curious. You are always learning and seeking ways to make things better.
- Conscientious. You keep your promises, taking your commitments to others seriously, and you have strong integrity.
- Humble. You lead with humility and empathy, respecting and learning from the perspectives of others.
Share our values: We champion the power of human connection. We’re united globally by our shared values of innovation, grit, humility, and passion for customer success.
Make an impact: Working at the speed of social, we create value for our customers by delivering solutions that power relationships at scale. Our pace of work enables fast learning and fosters an environment where you can stretch yourself and make an impact.
Learn and grow: We’re committed to growing the capabilities of our people. We are building a learning community where you can work with diverse individuals, explore new ways of thinking, and expand your capabilities. Our employees are teachers and learners who work out loud and share their knowledge to enhance each other’s growth.
We are dedicated to building a diverse community, one where employees feel a sense of belonging, and are valued for their contributions and the perspectives they bring. Our purpose is to champion the power of human connection and the heart of connection is inclusion. You belong here.
Accommodations will be provided as requested by candidates taking part in all aspects of the selection process.