Application Security Engineer

**The Company:

Marigold helps brands foster customer relationships through the science and art of connection. Marigold Relationship Marketing is a suite of world-class martech solutions that help marketers create long term customer love and loyalty. Marigold provides the most comprehensive set of use cases for marketers at any level. Headquartered in Nashville, Tennessee, Marigold has offices globally across the United States, Europe, Australia, New Zealand, South America and Central America, as well as in Japan.

**The Role:

We are now looking for a new Application Security Engineer to join our Information Security team. The ideal candidate will have a software development background and demonstrated experience across a wide range of application security related areas, and will be someone who is looking to take the next step in their career.

You will be a core member of the application security team, acting as a subject matter expert in the areas of secure software design, web application security, and vulnerability triaging & reporting. You will be advising and supporting multiple software development teams across the business to develop secure applications in accordance with the established application security policies and standards, as well as performing targeted security tests on our products.

You’ll be working in an international setting and collaborating with people across multiple time zones.

**Professional Experience - Candidates must have / be:

• Knowledgeable about Secure Coding Practices, Secure Software Design Principles and Secure Software Supply Chain best practices in a production environment.
• Experienced at collaborating with software development teams and understanding how they operate and the issues they face.
• Knowledgeable about least two of the following languages such as C#, golang, PHP, Javascript, Python, C/C++.
• In-depth knowledge of web application vulnerabilities and practical experience with OWASP guides and best practices.
• Experienced with application vulnerability management, including the identification, triaging, qualification and reporting of vulnerabilities, as well as performing code reviews and remediation validation testing.
• Performing in-depth root cause analysis of discovered vulnerabilities.
• Experienced with the integration of SAST/DAST/IAST/SCA toolchains into development workflows and maintenance of such tooling.
• Experienced using security testing tools such as Burp Suite or ZAP.
• Experienced at facilitating external web application penetration testing.
• The ability to explain complex technical concepts to a non technical audience.
• Strong communication skills to successfully interact with stakeholders across a broad range of domain expertise.
• A willingness to continuously learn and improve their skill set.

**Nice to Haves - Ideal candidates will have:

• Understanding of software engineering methodologies (SCRUM, LeSS, etc).
• Participated in running and maintaining a bug bounty program.

**Key Responsibilities

• Contribute to the implementation and running of the Application Security Program.
• Provide application security subject matter expert knowledge and consultation to development teams.
• Maintain and implement Application Security Program defined policies and quality standards.
• Drive cross-disciplinary initiatives to improve the security practices of our engineering ecosystem and the products developed at Marigold.
• Work on initiatives to improve AppSec activities (for example automated gating or vulnerability acceptance process) as specified by the Application Security Program.

**What We Offer:

• Unlimited PTO (we call it Open Time Away) and birthday leave.
• Remote first position or work from our Melbourne or Sydney office space if you prefer.
• Salary Continuance & Life Insurance .
• Flexible work hours.