REMOTE ROLE: A Blue Prism Application Security Engineer champions product development security, provides security education and awareness, designs and implements new security initiatives that enhance Blue Prism's security position, and implements, maintains and enforces software security standards and compliance.
Blue Prism is the global leader in intelligent automation for the enterprise, transforming the way work is done. At Blue Prism, we have users in over 150 countries in more than 1,800 businesses, including Fortune 500 and public sector organizations, that are creating value with new ways of working, unlocking efficiencies, and returning millions of hours of work back into their businesses. Our Digital Workforce is smart, secure, scalable and accessible to all; freeing up humans to re-imagine work.
To understand more about Blue Prism’s intelligent automation click here. You can also visit http://www.blueprism.com/ and follow us on Twitter @blue_prism, LinkedIn and Instagram @blueprismofficial. Or have a look at our YouTube page for further insights about Blue Prism.
Duties & Responsibilities
The primary responsibilities of an Application Security Engineer are to:
Dimensions of the Role
The application security engineer is a supporting role that works as part of the wider product team. They report to the senior/chief application security engineer, who in turn reports to the director of engineering.
The skills and knowledge required for the role are broad and diverse; specialization and established product knowledge are recommended at higher levels. The core skills required are:
Being able to identify and eliminate training needs with immediate teams and the wider organization
Creating positive learning environments through interactive learning workshops and presentations
Having good technical writing skills
Experienced in software development projects with a good knowledge of Agile SDLC and DevOps principles
Knowledge of OOP principles with a good understanding of one or more of the following programming languages
Experience of performing security design reviews, threat modelling and risk assessments
Experience of security testing and assurance
Experience and/or understanding of SAST tooling such as Checkmarx, Coverity, Veracode etc.
Experience and understanding of SCA tooling such as Snyk, Black Duck, SourceClear etc.
Awareness of international security standards such as OWASP Top 10, CWE/SANS Top 25, HIPAA, NIST and how they apply to software development.
Understanding of how to identify and remediate 3rd party license compliance and risk
Knowledge of Security Architecture: threats, countermeasures, confidentiality, authenticity, integrity and non-repudiation
Good understanding of cryptography and its application to security
Demonstrating a good understanding of offensive and defensive security procedures and techniques
Working knowledge of cloud security service design approaches (Azure, AWS, Kubernetes, Docker or GCP).
Understanding of risk assessment tools and frameworks (STRIDE, DREAD, CVSS)
Ability to analyze incoming security concerns and lead/advise remedial work
Additional Skills, Experience, Languages
Whilst not essential, the following skills are desirable:
Blue Prism Software is an Equal Opportunity Employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, alienage or national origin, ancestry, citizenship status, age, disability or handicap, sex, marital status, veteran status, sexual orientation, gender identity or expression, genetics, arrest record or any other characteristic protected by applicable federal, state or local laws.
Blue Prism is not accepting unsolicited assistance from search firms for this employment opportunity. Please, no phone calls or emails. All resumes submitted by search firms to any employee at Blue Prism via email, the Internet or in any form and/or method without a valid written search agreement in place for this position will be deemed the sole property of Blue Prism. No fee will be paid in the event the candidate is hired by Blue Prism as a result of the referral or through other means.