Who are we?
Afiniti is the world’s leading applied artificial intelligence and advanced analytics provider. Afiniti Enterprise Behavioral Pairing™ uses artificial intelligence to identify subtle and valuable patterns of human interaction in order to pair individuals on the basis of behavior, leading to more successful interactions and measurable increases in enterprise profitability.
Afiniti operates throughout the world, and has measurably driven billions of dollars in incremental value for our clients.
Purpose
Afiniti is seeking to hire an innovative and motivated individual who, under general direction, can work with a high level of autonomy and use knowledge and skills obtained through education and experience to be the liaison between the Afiniti Information Security department and the internal Afiniti software development teams as well as their management.
The primary objective of this position is to provide security support for all application and software development and to ensure the software development teams have the appropriate knowledge, tools and resources to create secure applications and services.
The Application Security Engineer will work closely with the software development teams as well as the internal Information Security teams to ensure the Afiniti SDLC process is being followed and appropriate evidence is available for external auditors as well as client inquiries.
Key Responsibilities
Build and maintain effective relationships with all internal software developers and their management
Ensure all software development teams are aware of, and following, the Afiniti SDLC
Ensure all internal software development teams are using the appropriate code repositories, with the appropriate controls in place for confidentiality, integrity and auditability
Ensure all internally developed software is undergoing code analysis (static and dynamic) and the identified vulnerabilities are being properly addressed through training, awareness, peer reviews and best practices for coding
Collaborate with the internal developers to ensure software is developed following secure-coding practices
Encourage a security culture across the company; ensure developers are aware of core security values to emphasize risk-based judgments, security in product designs, and prioritizing security remediation work
Perform or coordinate risk assessments for applications and underlying systems, including 3rd party penetration tests
Disclose all identified vulnerabilities to the appropriate software development personnel, teams and their management
Ensure development teams understand the vulnerabilities and possible remediation solutions
Track and follow up on the remediation of any identified or discovered vulnerabilities.
Design PoCs of possible attacks related to the discovered vulnerabilities
Ensure development teams have access to secure coding training and best practices (e.g. OWASP)
Ensure development teams have access to the proper resources (tools) to create secure applications and services
Help to maintain our Secure Software Development Life Cycle in all its stages
Maintain up to date knowledge on current and future security threats and vulnerabilities
Assist the Afiniti Information Security team as needed
The ideal candidate will have
5 to 8 years of professional experience
Software development experience across multiple technology stacks and languages
Practical implementation knowledge to advise software development and implementation teams on secure design and how to fix potential vulnerabilities
Experience with secure coding techniques
Knowledge of Internet security issues and threat landscapes
Good understanding of application security standards, frameworks, attack methods, and mitigation best practices (e.g., OWASP, SANS, NIST)
Ability to write scripts using bash, PowerShell, Python, Perl, etc.
Knowledge of several of the following technologies and vulnerability scanning tools (Burp Suite, Acunetix, AppScan, fuzzers, etc.)
Current knowledge of security threats, solutions, security tools and network technologies
An understanding of or proficiency in information security and compliance regulations (ISO 27001, PCI DSS, GDPR, SSAE-18, SOX)
Keen ability to diagnose and troubleshoot technical issues; excellent problem-solving skills
Fluency in English, written and spoken, is a must
Excellent documentation and communication skills
Must be able to work independently and also as a team player
You may be required to travel on an as-needed basis
Education & Qualifications
Bachelor’s degree in an IT-related discipline
CEH, CHFI, CISSP or similar security-related certification
In lieu of certifications, at least 5 years of information security, software development, or risk management experience
Salary & Package
As well as a competitive base salary dependent on the number of years of experience, we also offer generous stock options, an annual discretionary bonus and corporate benefits.