About the job

SummaryBy Outscal

Condé Nast seeks an Application Security Engineer IV with 5+ years of experience in Application Security and DevSecOps. Must have expertise in Secure Development Lifecycle, CI/CD, OWASP Top 10, Threat Modeling, and experience in a global organization. Knowledge of cloud, containers (Kubernetes, AWS, Docker, AWS EKS), GitHub, and security tooling is essential.

About the job

JOB DESCRIPTION

Condé Nast is a global media company, home to iconic brands including Vogue, The New Yorker, GQ, Glamour, AD, Vanity Fair and Wired, among many others. The company's award-winning content reaches 84 million consumers in print, 367 million in digital and 379 million across social platforms, and generates more than 1 billion video views each month.

The company is headquartered in London and New York, and operates in 32 markets worldwide, including China, France, Germany, India, Italy, Japan, Mexico & Latin America, Russia, Spain, Taiwan, the U.K. and the U.S, with local licensed partners across the globe.

The Cyber Security Team provides the security services that underpin Conde Nast’s security posture and enhance the organisation's security profile. The Cyber Security Team is responsible for; Information Security and Cyber Risk management, Security Operations and the global SOC, Security Architecture and Application Security as well as Security Engineering. This role sits within the Cyber Security team reporting into the Security Architecture and Engineering Manager and provides the team with application security expertise that will allow the team to fully engage with the Development and Engineering teams and work with them to embed security into their development lifecycle. The successful candidate will own and manage Cyber Security relationships with key stakeholders within the Platform, Development and Engineering teams.


Conde Nast employs a large development team that develops around 250 products or services across the business which are predominantly consumed by our customers across the globe. As such we have a massive focus on ensuring all products we build and develop are done so securely.


We are seeking someone who is an SME in the areas of Application Security and DevSecOps and has worked in a lead role within a global organisation for a number of years.

The candidate will ideally come from a development background and will have demonstrable expertise in Application Security, DevSecOps, S-SDLC and relevant CI/CD methodologies.

The applicant will act as the lead on all Application Security initiatives as well as initiatives which support securing the overall development lifecycle.

They will use their expertise to identify security gaps in our current application development lifecycle and processes and propose remedies to improve security throughout the lifecycle. Additionally they will support with recommendations to shift security left such as to support us to operate in a truly dedicated DevSecOps manner.

The applicant should have an understanding of Application Threat modelling methodologies and will have experience of performing Threat modelling having previously used various tools in performing these.

The applicant should look to actively promote adoption and use of such methodologies and ensure security requirements are understood and embedded into the development lifecycle.


Duties:

  • Work collaboratively with Product, Engineering and Global Architecture teams to identify vulnerabilities at the design stage.
  • Engage regularly with development teams to discuss any security concerns relating to products or applications.
  • Act as an SME on application vulnerabilities and support with detailing remediation steps to developers. Provide advice where required to assist with remediation.
  • Perform manual testing to ascertain whether vulnerabilities are true positives and validate automated test scan results if required.
  • Administer and maintain our SCA, SAST, IaC, Container and DAST security solutions, ensuring tooling is fit for purpose and providing value, as well as new features are being utilised.
  • Support with onboarding development teams onto security tooling and integrating tools into their CI/CD pipeline, ensuring their applications are regularly being scanned for vulnerabilities.
  • Drive security improvements and enhancements within the products and applications Conde Nast develops.
  • Identify gaps in our application security controls and make recommendations for improvements to tooling or processes to resolve the gaps and improve security.
  • Support with Code Reviews/Analysis. Knowledge of Java, Java Script and NodeJs is essential.
  • Support with arranging third party penetration testing against key applications or services.
  • Provide business stakeholders and the GRC team with reporting on application vulnerabilities and KRI’s across our application portfolio.
  • Develop and maintain all documentation for our Application Security Tooling, including processes and procedures for onboarding and offboarding teams and utilising tools in general.
  • Regularly update and maintain our Application Security standards, best practices and guidelines within Confluence to ensure developers have a central location to reference.


Required Skills:

To be successful, the candidate will need to have and demonstrate the following knowledge, skills and experience, along with a proactive focused attitude;

  • Minimum 5 years experience in Application Security and Engineering.
  • Minimum 5 years experience in Secure Development Lifecycle
  • Thorough knowledge of CI/CD and DevSecOps principles.
  • Awareness of application security flaws and web application best practices (e.g. OWASP Top 10, CWE SANS Top 25)
  • Understanding of STRIDE, or other Threat modelling or applicable methodologies
  • Experience of working in a geographically dispersed organisation with varied stakeholders.
  • Experience of implementing security within a DevOps environment i.e. adopting a shift-left approach within Application Security.
  • Knowledge of cloud and containers essential (Kubernetes, AWS, Docker, AWS EKS)
  • Experience of having worked with GitHub and GitHub actions is essential.
  • Experience of using Static and Dynamic Code Analysis tools (Snyk and Rapid 7 AppSec are beneficial)
  • Awareness and experience of the NIST framework and PCI-DSS Standard.
  • Experience of container vulnerability scanning or securing containers.
  • Experience of programming / development technologies, (this will be tested at interview)
  • Experience of AWS WAF implementation and AWS services in general.
  • Good communication, presentation and written language skills.
  • Knowledge of development methodologies e.g. Agile


Educational Qualifications:

  • BS Computer Science or similar qualification
  • Application Security certifications (CEH, CASE, CSSLP or similar)

Similar Jobs

Rockstar Games - Lead Data Security Engineer

Scotland, United Kingdom (On-Site)

Electronic Arts - Senior Security Engineer II

California, United States (Hybrid)

PlayStation Global - Sr Application Security Engineer

United States (Remote)

Character.AI - Security Engineer, Privacy

California, United States (On-Site)

Character.AI - Staff Security Engineer - Privacy

California, United States (On-Site)

Similar Skill Jobs

Activision - Expert Technical Artist – Sledgehammer Games

California, United States (On-Site)

Pragma - Service Operations Specialist

United States (Remote)

Thatgamecompany - Audio Designer

Remote Us (Remote)

Easygo - Digital & Motion Designer

Bogotá, Colombia (On-Site)

PlayStation Global - Director, IP Licensing

California, United States (Hybrid)

Mavericks VFX - Layout & Tracking Artist

Ontario, Canada (Remote)

Rockstar Games - Nuke Compositor

California, United States (On-Site)

Samsung Semiconductor - Senior Manager, Memory Sales

California, United States (Hybrid)

Jobs in Bengaluru, Karnataka, India

Kwalee - Product Manager

Karnataka, India (Hybrid)

Kwalee - Data Analyst

Karnataka, India (Hybrid)

Kwalee - Creative Producer

Karnataka, India (Hybrid)

Quizizz - Subject Matter Expert, Mathematics

Karnataka, India (On-Site)

Tama Systems India Private Limited - Embedded Engineer

Karnataka, India (On-Site)

The Rosary School (TRS) - Admission Counselor

Maharashtra, India (On-Site)

Mott MacDonald - BIM Engineer/Technician (Revit Structure)

Maharashtra, India (On-Site)

Neur XR Studios - 3D Artist

Tamil Nadu, India (On-Site)

Kratos Gamer Network - Game Success Manager

Karnataka, India (On-Site)

Madison Logic - Sr. Product Designer

Maharashtra, India (On-Site)

Software Engineering Jobs

Pragma - Service Operations Specialist

United States (Remote)

Azra Games - Mid-level Software Engineer (Visual Scripter)

California, United States (Hybrid)

Rockstar Games - Nuke Compositor

California, United States (On-Site)

PTW - Junior Post-Production Coordinator

England, United Kingdom (Hybrid)

Abstraction games - Engineering Manager

Eindhoven (On-Site)

ElevenLabs - AI Safety Engineer

Berlin, Germany (Remote)

ElevenLabs - AI Safety Engineer

California, United States (Remote)

ElevenLabs - AI Safety Engineer

Catalonia, Spain (Remote)

Level Up Your Career in Game Development!

Transform Your Passion into Profession with Our Comprehensive Courses for Aspiring Game Developers.

Job Common Plug