Application Security Engineer

JLL empowers you to shape a brighter way.

Our people at JLL and JLL Technologies are shaping the future of real estate for a better world by combining world class services, advisory and technology for our clients. We are committed to hiring the best, most talented people and empowering them to thrive, grow meaningful careers and to find a place where they belong. Whether you’ve got deep experience in commercial real estate, skilled trades or technology, or you’re looking to apply your relevant experience to a new industry, join our team as we help shape a brighter way forward.

JLL es una empresa comprometida con la igualdad de oportunidades entre hombres y mujeres / JLL as a company is committed to equal opportunities for men and women.

JLL's Application Security team is looking for an Application Security Engineer to help validate that our services, applications, and websites are designed and implemented to the highest security standards. You will be responsible for analyzing the security of applications and services utilizing industry standard tooling and manual code reviews, vendor-provided solutions, discovering and addressing security issues, building security automation, and quickly reacting to new threat scenarios.

Strong skills across multiple domains will aide you in providing significant contributions to the JLL Application Security team and to multiple groups across JLL. You will have the opportunity to develop and contribute to solutions to interesting business problems and utilize appropriate technologies to drive understanding of the threat surface across JLL products and services.

As an Application Security Engineer you must foster constructive dialogue and find resolution when confronted with challenges and potentially discordant views. Engineers in this role are expected to participate fully in the planning of the Application Security team and constantly seek opportunities for process improvement. A successful candidate will need a combination of technical and communication skills, as well as the ability to handle a mix of disparate tasks which will include threat modeling, automation, and project work. This role will provide career growth opportunities as the security engineer gains new security skills in the course of your duties and working with fellow world-class technologists.

Responsibilities:

• Application security reviews via triaging tooling, and manual code analysis / reviews across commonly used languages (among them Python, Java, .NET, etc.)
• Review of third-party services (e.g. SaaS-providers)
• Review of potential Mergers & Acquisitions Application Security posture and identify gaps and overall posture
• Audit, assessment, and analysis of overall security posture of projects
• Provide subject matter expertise and guidance in secure software development, including secure coding strategies, security frameworks, and threat modeling
• Stay up to date with emerging security threats, industry trends, and cutting-edge technologies, translating this knowledge into practical recommendations
• Researching new technologies and languages when required
• Engagement and outreach to internal development teams
• Development and/or review and improvement of application security guidance documentation
• Security tool automation and development opportunities
• Security metrics delivery and improvement
• Assistance with recruiting activities and other administrative work as needed

Basic Qualifications:

• Bachelor (undergraduate) degree in a relevant field (Computer Science, Software Engineer, Security, or others) OR an equivalent combination of education, training, and experience
• Minimum of 2 years of professional experience with any combination of at least 2 technical disciplines, including the following: cloud security, network security, application security, mobile security, secure development methodologies, software development and coding, identity management, authentication and authorization, network architecture, system administration, and systems engineering
• Strong knowledge of secure coding practices, OWASP Top Ten, CWE/SANS Top 25, and common application vulnerabilities.
• Experience with code review techniques and tools for identifying security vulnerabilities.
• Strong written and verbal communication skills, with the ability to convey complex security concepts to technical and non-technical stakeholders

Location:

Remote –Madrid, ESP

If this job description resonates with you, we encourage you to apply even if you don’t meet all of the requirements. We’re interested in getting to know you and what you bring to the table!

JLL Privacy Notice

Jones Lang LaSalle (JLL), together with its subsidiaries and affiliates, is a leading global provider of real estate and investment management services. We take our responsibility to protect the personal information provided to us seriously. Generally the personal information we collect from you are for the purposes of processing in connection with JLL’s recruitment process. We endeavour to keep your personal information secure with appropriate level of security and keep for as long as we need it for legitimate business or legal reasons. We will then delete it safely and securely.

For more information about how JLL processes your personal data, please view our Candidate Privacy Statement.

For additional details please see our career site pages for each country.

For candidates in the United States, please see a full copy of our Equal Employment Opportunity and Affirmative Action policy here.

Jones Lang LaSalle (“JLL”) is an Equal Opportunity Employer and is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process – including the online application and/or overall selection process – you may contact us at Accommodation Requests. This email is only to request an accommodation. Please direct any other general recruiting inquiries to our Contact Us page > I want to work for JLL.