Jobs · himalayas
Principal Application Security Engineer I
Nimbus Data Systems · India · Posted 14d ago
About the role
Drive the development and implementation of advanced security practices for applications.
Product Overview Outseer Fraud Manager is an advanced, omnichannel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML based Risk Engine, Outseer Fraud Manager is designed to measure the risk associated with a user’s login and post-login activities by evaluating a variety of risk indicators. Using powerful machine learning and fine-grained policy controls, this anti-fraud hub only requires additional assurance, such as out-of-band authentication and transaction signing, for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most of the users, ensuring a frictionless end user experience and high fraud detection rates. What you’ll achieve: As a Principal Application Security Engineer, you will drive the development and implementation of advanced security practices, policies, and frameworks to ensure the integrity and confidentiality of our applications. Your deep technical knowledge, combined with your leadership skills, will guide our organization in effectively managing and mitigating application security risks while fostering a culture of security excellence. Essential Duties Provide principal leadership to the application security program, helping set the strategic direction, goals, and objectives to enhance the overall security posture of our applications. Develop and implement advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes. Conduct in-depth application security assessments, including code reviews, architecture reviews, and penetration testing, to identify and remediate complex security vulnerabilities and risks. Collaborate closely with development teams, architects, and stakeholders to provide expert guidance on secure coding practices, security design principles, and the selection and implementation of security controls. Define and maintain application security policies, standards, and guidelines, ensuring alignment with regulatory requirements and industry best practices. Drive the integration of security into the CI/CD pipeline and automated security testing tools and processes to enable secure and efficient application development and deployment. Evaluate and recommend emerging technologies, frameworks, and security tools to enhance application security capabilities, scalability, and efficiency. Lead incident response efforts for application security incidents, working with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities. Stay current with the latest application security threats, vulnerabilities, and attack vectors, and provide strategic recommendations and guidance to mitigate emerging risks. Serve as a subject matter expert and thought leader on application security, representing the organization in external forums, conferences, and industry working groups. Desired Requirements Bachelor’s degree in computer science, Information Security, or a related field - or equivalent work experience. 10+ years of progressive experience in application security, with a focus on securing complex web and mobile applications. Extensive expertise in application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques. Strong knowledge of web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS). Proven experience conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing. Deep understanding of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies. Demonstrated ability to develop and implement secure software development lifecycle (SDLC) processes and integrate security into DevOps and CI/CD practices. Expertise in cloud security concepts and practices, with hands-on experience in cloud-native environments (e.g., AWS, Azure, GCP). Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell). Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) and active participation in industry forums or associations are highly desirable. Leader that can influence, motivate, and direct a workgroup to achieve results. Excellent communication skills both verbal and written. Project leadership with the ability to prioritize multiple assignments and / or deliverables. Desired Behaviors Change Facilitation : Encourages and supports continuous improvement of work practices and processes. Facilitates change by actively seeking opportunities for innovation and sharing ideas with the team. Execution Focus : Drives execution by effectively cascading de
Read the full posting on himalayas →
FAQ
Is the Principal Application Security Engineer I role at Nimbus Data Systems remote?+
This Principal Application Security Engineer I position is listed as remote (India).
What is the salary for the Principal Application Security Engineer I role at Nimbus Data Systems?+
The listing states Estimated 131k-280k USD.
What seniority level is this Principal Application Security Engineer I role?+
This is a unknown level position.
How do I apply for the Principal Application Security Engineer I role at Nimbus Data Systems?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Nimbus Data Systems.