Senior Application Security Engineer

Horizon3.ai

United States
Posted on Thursday, August 31, 2023

Overview of Position:

The Senior Application Security (AppSec) Engineer reports to the Security Operations Manager and serves as the focal point for cybersecurity strategy research, development, implementation, and action. The Senior AppSec Engineer will be responsible for ensuring the security and compliance of our applications. This role will work closely with our development and engineering teams to guarantee the secure development and maintenance of our applications and products. The ideal candidate is a self-starter with a "learn-it-all" mentality and a passion for security. This role will partner with business unit leads to identify the requirements necessary to ensure the confidentiality, integrity, and availability of all Horizon3 systems, services, and information.

Essential Functions

  • Conduct security reviews and threat modeling of applications and services to identify vulnerabilities and design secure solutions
  • Perform application security testing (SAST, DAST, RASP, SBOM, etc.) and provide recommendations for remediation
  • Collaborate with development teams to implement secure coding practices and improve application security posture
  • Advise on security best practices and provide guidance on secure design and development to ensure that security is integrated throughout the development lifecycle
  • Identify attacks, develop best practices for security configurations to protect against attacks, and work closely with Horizon3.ai's product and engineering teams to ensure robust security controls and protocols are implemented
  • Implement and maintain GitLab CI/CD pipelines for secure code releases
  • Give development teams access to security standards, tools, and knowledge before development items require AppSec team members
  • Develop and maintain security tools, scripts, and automation
  • Design and implement AWS security controls and monitor for security incidents
  • Design and implement data security controls and ensure that sensitive data is protected
  • Conduct security assessments of third-party vendors and partners
  • Communicate security risks and recommendations to stakeholders in a clear and concise manner
  • Ensure that applications and services meet compliance standards such as SOC2, GDPR, ISO27001, etc.
  • Implement cybersecurity frameworks and controls to align with industry best practices
  • Implement Data Loss Prevention (DLP) controls including data classification, identification, and protection
  • Use defects and incidents as opportunities to improve processes and tools, and proactively drive those improvements
  • Identify and respond to cyber attacks

Competencies

  • In-depth knowledge of React, Python, GQL, Terraform, and GitLab
  • Strong understanding of AWS security and data security principles
  • Experience with application security testing tools and techniques (SAST, DAST, RASP, etc.)
  • Knowledge of OWASP Top 10 and other web application security standards
  • Experience with threat modeling and risk assessments
  • Excellent communication skills and ability to explain technical concepts to non-technical stakeholders
  • Ability to work independently and as part of a team, and a strong sense of ownership and accountability
  • Knowledge of compliance standards such as SOC2, GDPR, ISO27001, FedRAMP, etc.
  • Familiarity with cybersecurity frameworks such as NIST, CIS, and MITRE ATT&CK
  • Knowledge of Data Loss Prevention (DLP) including data classification, identification, and protection
  • Broad knowledge across the security domain, as well as a deep focus in one or more areas such as log and event processing, incident management, detection, response tool development, etc.

Qualifications

  • Bachelor's degree in Information Technology, Computer Science, or related field
  • 5+ years of general cybersecurity field experience
  • 5+ years of experience in application security
  • AWS Certified Security - Specialty
  • CISSP or relevant security certifications
  • Experience securing an Amazon Web Services (AWS) environment

Preferences

  • AWS Certified Security - Specialty
  • CISSP or relevant security certifications
  • 5+ years of general cybersecurity field experience

Travel Required

We are a fully remote company, and this job may require up to 10-20% travel to be successful. Job-related travel expenses are reviewed and approved by your manager.

Why H3

  • Competitive Compensation: We offer a highly competitive salary and benefits package.
  • Growth Opportunities: Be part of a dynamic and growing team with numerous career advancement opportunities.
  • Innovation-Driven Culture: Work in a collaborative environment that encourages creativity and out-of-the-box thinking.
  • Flexible Work Environment: Enjoy the convenience and work-life balance that comes with remote work.
  • Inclusive and Diverse Team: We value diversity and promote an inclusive culture where everyone can thrive.

Compensation Disclosure:

In accordance with various states' transparency regulations, we provide the following salary range information for this position:

  • Base salary range: $120,000 - $230,000 annually. The exact salary will be determined based on the selected candidate’s location, qualifications, experience, and relevant skills.
  • Additional compensation: This role may also be eligible for performance bonuses, equity options, and other benefits which will be discussed during the interview process.

We are committed to pay equity, fairness, and transparency. All candidates will be evaluated based on their skills, experiences, and potential contributions without regard to race, gender, age, or any other protected status.

Horizon3.ai is an equal opportunity employer and is committed to providing a work environment that is free from discrimination and harassment. We do not discriminate based on race, color, religion, sex, national origin, age, disability, veteran status, sexual orientation, gender identity or expression, genetic information, marital status, or any other legally protected status.

We encourage all qualified candidates to apply for open positions with our company and welcome candidates from all backgrounds and experiences. We are committed to providing equal employment opportunities to all employees and applicants for employment and will make reasonable accommodations to enable individuals with disabilities to perform the essential functions of their roles.