This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
Matillion is built around small development teams utilising a modern, cloud-based technology stack to deliver products. The AppSec Engineer will work in an engineering capacity to product and engineering teams to ensure security is baked into the product from the design phase creating a SecDevOps workflow.
Job Responsibility:
Establish and lead security champions programme across the development squads
Build functional and nonfunctional requirements for the application in conjunction with the product team
Input abuse case stories into the product backlog
Evangelise security across the product team, ensuring security stories are prioritised against feature goals
Assess SDLC security gap risks and propose remedies
Instruct and guide developers on how to conduct Threat Modelling during application Design
Act as the single point of contact for security concerns arising from the development team providing advice on how to solve technical software issues
Lead the pentesting cadence around the core application set by conducting hacking exercises
Provide application code reviews against known development frameworks such as OWASP ASVS
Provide input into the design of functional and non-functional security controls such as customer authentication workflows
Run Security Champion sessions to keep developers aware of security developments
Establish security into the CICD pipeline such as SAST/IAST/DAST
Automate and build nifty security tools to test Matillion applications
Integrate testing, build failures and outputs to the development team to ensure passage to production is secure
Create security tests for code and assist developers in building security unit testing
Responsive support to the development teams
Analysis of logs to identify issues and provide solutions
Research projects, including prototyping, to explore future opportunities
Investigate new technologies
Optimise the infrastructure deployment process through use of automation, in-house and open source solutions
Develop new skills by working with other members of the team
Work with the Team Lead to identify training goals
Lead and partake in technical discussions within the team
Actively identify and complete opportunities for self-training and external training
Drive the team’s process of continual improvement
Requirements:
A passion and drive to succeed in Application Security
Understanding of Software Development Life Cycle
Security professional at heart borne from a software engineering background
Experience of working with the OWASP ASVS framework
Experience in Agile delivery environments
Greenfield experience setting up security technologies from scratch
Outgoing and able to build relationships with key stakeholders
Can do attitude, willing to take on a wide range of security issues
Keeps up to date with security developments
Keen to engage with the security community on a range of topics
Fast learner
What we offer:
Company Equity
27 days paid time off
12 days of Company Holiday
5 days paid volunteering leave
Group Mediclaim (GMC)
Enhanced parental leave policies
MacBook Pro
Access to various tools to aid your career development