Portfolio Jobs

We couldn’t be more proud to partner with these companies securing the way people live and work.

Senior Application Security Engineer

CyberCube

CyberCube

Estonia
Posted 6+ months ago
About CyberCube:
1) The market leader in digital analytics with the mission of delivering the world’s leading cyber risk analytics on one of the most critical risks of today and the future.
2) Exceptionally well-funded startup that has raised over $100MM of capital from top-tier investors that has no need for any additional capital in this current market environment
3) Explosive team growth (from 15 employees in SF to >100 people globally).
4) Explosive client base growth path with a >99% retention rate.
5) An incredibly diverse, collaborative, and high-performing team of insurance industry professionals, data scientists, and engineers who love working here.
6) CyberCube and its products win industry awards every year (eg. Cyber Risk Solution of the Year & Stress Scenario Software of the Year in 2023). We were recognized with 9 awards in 2022.
7) Senior leadership has a continuous commitment to team members doing the best work of their careers.
8) CyberCube is just a place where you can get things done!
Summary
Responsible for aligning our Software Development Life Cycle with security best practices, conducting security assessments on code changes and in general maturing our application security framework, processes and toolsets.
Primary Responsibilities & Objectives
      Own the application security capability
      Drive the technical direction and roadmap of the application security program
      Lead application security reviews and threat modeling, including code reviews and dynamic testing
      Collaborate with development teams to prepare application security code fixes
      Implement and scale automated security testing to validate that secure coding best practices are being used
      Enable secure development practices through training
 
Skills & Experience
      Familiarity with common security libraries, security controls, and common security flaws
      Development or scripting experience and skills. Node.js and Java are preferred
      Experience with OWASP, static/dynamic analysis, and common security tools
      Experience identifying security issues through code review
      Experience working with developers
      Familiarity with securing applications built on cloud computing environments (AWS preferred)
      Understanding of authorization frameworks (OAuth and JWT)
      Experience working with source control (git, github, bitbucket etc.)
      Exposure to agile development practices
      Experience integrating application security functions into CI/CD processes
      3-5 years of experience working in an Application Security Engineering capability