Application Security Engineer (Remote)
New Context Services
Application Security Engineer
New Context is a rapidly growing consulting company in the heart of downtown San Francisco. We specialize in Lean Security: an approach that leads organizations to build better, safer software through hands-on technical and management consulting. We are a group of engineers who live and breathe Agile Infrastructure, Systems Automation, Cloud Orchestration, and Information & Application Security.
As a New Context Application Security Engineer, you will provide technical leadership with a hands-on approach. Our clients look to us to guide them to a solution that makes sense for them, and you should expect to provide thought leadership, design, and implement that solution.
Expect to be involved in application security and vulnerability management using Open Source technologies as well as all aspects of security architecture, directives, and standards for application security. You will utilize our core methodologies - DevOps, Agile, Lean, TDD and Pair Programming - along with your expertise in application security - to provide advice and assistance to application teams. You will work with our clients and other New Context team members while working from the New Context office, at client sites, or from your home.
We foster a tight-knit, highly-supportive environment where you will receive respect and be included. Even if you may not know the answer to a question immediately, you'll have the entire company supporting you via Slack, Zoom, or in-person. We also host a daily, all-company stand-up via Zoom, and a weekly company Retro, so you won't just be a name on an email.
At New Context, our core values are Humility, Integrity, Quality & Passion! Our employees live these values every single day.
Who you are:
- A seasoned technologist with 5+ years work experience in cybersecurity, secure app development, or application security roles;
- Happy and effective as a consultant in client-facing situations;
- Knowledgeable about Lean Security or DevSecOps techniques and environments;
- Experienced in Open Source web technologies, especially in the areas of highly-available, secure systems;
- Experienced with cloud-native (AWS, Google Cloud, Azure) application implementations and the relevant security risks and mitigations.
- Have worked in a team to create production-quality applications in an Agile environment;
- Possess working knowledge of Unix-based operating systems and networking concepts, Windows and Microsoft Active Directory..
- Comfortable with authentication and authorization functionalities and systems - identity federation (SAML, Oauth, OpenId), directory services (LDAP, AD), authenticating proxies;
- Experienced as a technical lead;
- An excellent communicator, experienced with external clients and customers and able to communicate productively with customers to explain technical aspects and project status;
- Able to think on your feet and learn quickly on-the-job in order to meet the expectations of our clients;
- A great teammate and a creative and independent thinker.
Bonus points if you are:
- CISSP, CEH, CASE, GWEB, GWAPT, GSSP (or equivalent) certified.
- Experienced with Windows operating systems and Windows-based networking, e.g. Active Directory.
- Familiar with network security fundamentals,, social engineering, and/or forensic analysis;
- A believer in automated tests and their role in software engineering;
- Familiar with Infrastructure as Code (IaC) and automated server provisioning technologies;
- Able to translate complex concepts to business customers;
- A member of national and/or local security groups.
Technology we use: We tailor solutions to our customers. You might work on projects using any of the following technologies (or other similar technologies):
- Security: BurpSuite, ZAP Proxy, SAST/DAST Scanning Tools, Threat Modeling, Kali Linux, Standards & Compliance, Compliance standards, Application Security, Layer 7 Firewalls, OSSEC, Hashicorp Vault, STIX, TAXII;
- Automation: Chef, Puppet, Docker, Ansible, Salt, Terraform, Automated Testing
- Containerization Ecosystem: Docker, Mesosphere, Rancher, CoreOS, Kubernetes
- Cloud & Virtualization: AWS, Google Compute Engine, OpenStack, Cloudstack, kvm, libvirt
- Tools: Jenkins, Atlassian Suite, Pivotal Tracker, Vagrant, Git, Packer
- Monitoring: SysDig, DataDog, AppDynamics, New Relic, Sentry, Nagios, Prometheus
- Databases/Datastores: Cassandra, Hadoop, Redis, Postgres, MySQL
We are committed to equal-employment principles, and we recognize the value of committed employees who feel they are being treated in an equitable and professional manner. We are passionate about finding ways to attract, develop and retain the talent and unique viewpoints needed to meet business objectives, and to recruit and employ highly qualified individuals representing the diverse communities in which we live, because we believe that this diversity results in conversations which stimulate new and innovative ideas.
Employment policies and decisions on employment and promotion are based on merit, qualifications, performance, and business needs. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.