Application Security Engineer

Iceberg are currently recruiting on behalf of a forward thinking tech scale up start-up business who have become known as one of the most disruptive and fastest growing businesses in the world right now. They are going through a security culture transition and as technology is at the very core of their business they require a Application Security SME to work with the London based engineering team to ensure secure code practices are being followed and secure code is being cut.

You will;

• Pair with developers on security code reviews, imparting secure development practices while you find and help remediate vulnerabilities.
• Track the security of third-party libraries and managing the integration of urgent vulnerability mitigations.
• Work on our internal development frameworks to build systemic solutions for vulnerability types and to shield developers from places where third-party code wasn’t designed with safe defaults.
• Manage external code reviews for high-exposure projects.
• Integrate static analysis into our continuous integration process and helping developers work with it.
• Help design and build security-critical product infrastructure like key management for column-level control of data access by microservices.

Requirements

• Proven industry experience in application security
• Hands-on experience with:
  • Professional development experience in any programming language
  • Web and service level security vulnerabilities and bug-class-killing mitigations
  • Auditing code for security and communicating vulnerabilities and mitigations
  • Technologies such as GraphQL, Koa, React, JWT, GCP, Kubernetes, Docker
  • Library design, particularly in seeing libraries as a designed user interface for developers
• Ability to thrive and succeed in a dynamic, fast growing, startup environment
• Experience with coaching development teams
• Able to act as a security champion