At SmashFly, you will be building marketing automation software for recruiting. What we’ve created is truly best-in-class software that helps companies attract and proactively communicate with today’s top talent. The SmashFly solution is used by some of the world’s biggest brands – and we need talent like you to help us constantly improve our technology for them. The work we do here matters to companies and job seekers alike.
Ideal Match:
As a specialist, you will work with Agile delivery teams to develop good security practices throughout the software development journey and share knowledge to help educate people on how to implement code securely.
What you’ll be doing:
The Application Security Engineer role underpins SmashFly’s commitment to producing world-class, secure recruitment marketing platforms. The overarching responsibilities are:
- Application security testing – working with the development team, using automated and manual methods, to test the application for security vulnerabilities.
- Application vulnerability risk analysis – estimating vulnerability risk in the context of specific application, environment and business scenarios. This will include writing and demonstrating vulnerability “proofs of concept” and explaining them to technical architects and business stakeholders.
- Security consulting – working with technical architects and developers on the design of security-sensitive features; providing technical expertise on security-related questions at the design and development stage; assisting in the development of automated testing suites to enforce security standards in newly written code.
- Ownership of security toolsets for the discovery and investigation of potential vulnerabilities and activity monitoring.
- Helping to embed security in the development and operational lifecycle and showing continued security value by presenting risk from the customer and business perspective.
- Acting as security evangelist and ‘mentor’ to the business and development teams.
The skills you should have:
- Experience of a variety of SAST and DAST security tools.
- Excellent skills in penetration testing of web applications.
- Experience working with external pen testers and/or acting as a primary contact for their testing.
- Solid and demonstrable comprehension of cyber and information security including secure coding, security in the SDLC, hacking techniques and the evolving threat landscape.
- Good knowledge of secure development practices such as OWASP and BSIMM.
- Experience with web application firewalls.
- Working knowledge of infrastructure security scanning software.
- Technical mind-set with an aptitude for analysis and investigation.
- Keeps up to date with industry trends, new threats and changes in the security landscape.
- Able to analyse technical data to decipher, prioritise and act upon findings.
- Knowledge of current information security standards and regulations such as NIST 800 series and ISO27000 series.
- Knowledge of HTML, JavaScript, and server-side languages such as .NET, PHP, and Java.
- Experience of working in an Agile environment.
Key skills:
- Excellent oral and written communication skills.
- Self-starter who is able to work on their own and seek out new areas for investigation.
- Ability to discuss technical principles and issues with both technical and non-technical business teams.
- Deliver on time and work on own initiative to ensure tasks are completed.
- Dependable yet flexible with the ability to carry out scheduled activities.
- Strong people and engagement skills.
- Enthusiastic and shows a willingness to learn new skills and take on new work.
- Strong analytical, organisational, multitasking and prioritisation skills.
- Ability to work effectively with all levels of the organisation.
- CISSP - desirable.
- CEH or CREST.
- Bachelor’s degree in computer science, related discipline, or equivalent experience.
Our track record so far!
- We are a growth-mode software startup backed by well-respected venture capital
- We’ve delivered significant year-on-year growth since our founding
- We’re the top ranked company by Glassdoor
- We offer great benefits including a flexible working approach, great holidays, private health care, stock options, weekly happy hours – and much more... you get the idea!
Oh, and our application process is easy, pretty transparent and painless.
We need talent like you to join us. Ready to apply? Get started.
Smashfly Technologies Ltd is an equal opportunities employer.
This job comes with several perks and benefits:
- Friday is something special, let's enjoy a beer together.
- Want to be a partner? Look no further.
- Break a leg! Seriously, we got you covered in our company healthcare plan.
- Kids are the future, go spend time with them.
- We take care of you, even when you are old and wrinkly.
- Social gatherings and games; hang out with your colleagues.