Role Description:
You will be a leader within our application security team. The goal of Guild Education’s application security program is to ensure that software engineering teams across the company are enabled to securely design, build, test, and maintain the applications that power our business. Our guiding principle is to pave roads and enable our engineers to deliver secure software with minimal friction, supporting their work across the entire Secure Development Lifecycle (SDL). We take a customer-service oriented approach to support, coach, and empower our engineers to do the right things without friction or slowing them down.
Responsibilities:
Develop and lead threat modeling training, workshops, and collaborative sessions for a wide array of cloud-based products and services. Champion threat modeling practices within the development teams, promoting industry best practices.
Collaborate with product and engineering on architecting resilient, security-first services
Build and deliver educational content to our engineers including hands-on training courses
Interpret findings from application security tools and provide coaching in remediation
Assist in the development of secure code libraries
Evaluate and classify findings from SAST, DAST, SCA and externally reported sources
Act as technical liaison between Information Security and application development teams, including guiding teams towards strong application security practices and remediating known risks
Develop and support integration and automation within security, monitoring, reporting, and ticketing platforms
Review and analyze existing processes and suggest improvements for increased security and efficiency
Requirements:
1-3 years in secure development/application security
Proficiency in one or more modern programming languages
Proficiency in scripting
Hands-on experience with one or more application security testing tools (SAST, SCA, IAST, DAST)
Intimate knowledge of OWASP Top 10 Vulnerabilities, mitigations, and their impact on application architecture
Experience in web application security and SSDLC practices
Proficient in at least one general programming language such as JavaScript, Python, C/C++, Java, Rust, or Go
An understanding of web applications, web servers, layer 7 application technologies
Preferred Qualifications:
An understanding of the AWS Well-Architected Framework and cloud-native application development best practices
Experience with the OWASP Application Security Verification Standard (ASVS)
Other soft skills:
You are a great communicator who can explain technical issues and risks to a broad, non-technical audience.
You can work well with engineering, legal, security, devops, product, executives, and others.
You tailor your communication style, level of detail, and approach based on the audience.
You enjoy working directly with software engineers, including in new languages and tool chains.
You are a strong collaborator and can influence technical teams, and you take them along with you.
You operate effectively across teams and disciplines even in highly ambiguous situations.
You have experience building inclusive team cultures.
We feel passionately about equal pay for equal work, and transparency in compensation is one vehicle to achieve that. Total compensation for this role is market competitive, including a base salary range of $110,000-$130,000 as well as company stock options.
Denver, Colorado, United States