Principal Application Security Engineer I

Product Overview

Outseer Fraud Manager is an advanced, omnichannel fraud detection hub that provides risk-based, multi-factor authentication for organizations seeking to protect their consumers from fraud across digital channels. Powered by the AI/ML based Risk Engine, Outseer Fraud Manager is designed to measure the risk associated with a user’s login and post-login activities by evaluating a variety of risk indicators. Using powerful machine learning and fine-grained policy controls, this anti-fraud hub only requires additional assurance, such as out-of-band authentication and transaction signing, for scenarios that are elevated risk and/or violate rules established by an organization. This methodology provides transparent authentication for most of the users, ensuring a frictionless end user experience and high fraud detection rates.

What you’ll achieve:

As a Principal Application Security Engineer, you will drive the development and implementation of advanced security practices, policies, and frameworks to ensure the integrity and confidentiality of our applications. Your deep technical knowledge, combined with your leadership skills, will guide our organization in effectively managing and mitigating application security risks while fostering a culture of security excellence.

Essential Duties

• Provide principal leadership to the application security program, helping set the strategic direction, goals, and objectives to enhance the overall security posture of our applications.
• Develop and implement advanced application security practices, including secure coding standards, threat modeling methodologies, and secure software development lifecycle (SDLC) processes.
• Conduct in-depth application security assessments, including code reviews, architecture reviews, and penetration testing, to identify and remediate complex security vulnerabilities and risks.
• Collaborate closely with development teams, architects, and stakeholders to provide expert guidance on secure coding practices, security design principles, and the selection and implementation of security controls.
• Define and maintain application security policies, standards, and guidelines, ensuring alignment with regulatory requirements and industry best practices.
• Drive the integration of security into the CI/CD pipeline and automated security testing tools and processes to enable secure and efficient application development and deployment.
• Evaluate and recommend emerging technologies, frameworks, and security tools to enhance application security capabilities, scalability, and efficiency.
• Lead incident response efforts for application security incidents, working with cross-functional teams to investigate, contain, and remediate security breaches or vulnerabilities.
• Stay current with the latest application security threats, vulnerabilities, and attack vectors, and provide strategic recommendations and guidance to mitigate emerging risks.
• Serve as a subject matter expert and thought leader on application security, representing the organization in external forums, conferences, and industry working groups.

Desired Requirements

• Bachelor’s degree in computer science, Information Security, or a related field - or equivalent work experience.
• 10+ years of progressive experience in application security, with a focus on securing complex web and mobile applications.
• Extensive expertise in application security principles, secure coding practices, secure architecture design, and vulnerability assessment techniques.
• Strong knowledge of web and mobile application frameworks, languages, and technologies (e.g., Java, .NET, JavaScript, Python, Android, iOS).
• Proven experience conducting advanced application security assessments, including code reviews, architecture reviews, and penetration testing.
• Deep understanding of web application security vulnerabilities (OWASP Top Ten), advanced attack techniques, and mitigation strategies.
• Demonstrated ability to develop and implement secure software development lifecycle (SDLC) processes and integrate security into DevOps and CI/CD practices.
• Expertise in cloud security concepts and practices, with hands-on experience in cloud-native environments (e.g., AWS, Azure, GCP).
• Strong scripting or programming skills for automation and tooling (e.g., Python, Bash, PowerShell).
• Professional certifications in application security (e.g., CSSLP, GWAPT, CISSP) and active participation in industry forums or associations are highly desirable.
• Leader that can influence, motivate, and direct a workgroup to achieve results.
• Excellent communication skills both verbal and written.
• Project leadership with the ability to prioritize multiple assignments and / or deliverables.

Desired Behaviors

• Change Facilitation: Encourages and supports continuous improvement of work practices and processes. Facilitates change by actively seeking opportunities for innovation and sharing ideas with the team.
• Execution Focus: Drives execution by effectively cascading departmental goals into individual goals. Sets high performance standards, communicates clear expectations, resolves problems, provides task clarity, and establishes boundaries.
• Team Influence: Provides coaching and mentorship, utilizing open and honest communication. Escalates when necessary to ensure compliance. Recognizes team members for their contributions and fosters and open environment.
• Motivational Mentorship: Keeps the team focused and motivated by delivering, knowing when to escalate issues, providing regular feedback, while maintaining open lines of communication.
• Technical Proficiency: Possesses a strong understanding of their own role and responsibilities and is familiar with the roles and tasks of team members. Demonstrates technical competence and provides guidance when needed.
• Effective Communication: Over-communicates by hosting regular team communication such as one-on-one meetings and team meetings. Ensures important and relevant information is cascaded to the team in a timely manner.
• Employee Involvement: Encourages employees to participate in decision-making processes, valuing their ideas and proposed solutions. Creates a culture of open dialogue and collaboration.
• Ethical Conduct and Competence: Displays ethical character and competence, earning the trust of others by acting with integrity and intention. Upholds the company's values and principles in all actions.
• Role Modelling: Sets a positive example by demonstrating high levels of commitment and energy. Acts as a role model for the organization's core values and maintains high standards of behavior. Influences others positively and contributes to a positive work culture at Outseer.

Outseer is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Outseer are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, national, social or ethnic origin, sex (including pregnancy), age, physical, mental or sensory disability, HIV Status, sexual orientation, gender identity and/or expression, marital, civil union or domestic partnership status, past or present military service, family medical history or genetic information, family or parental status, or any other status protected by the laws or regulations in the locations where we operate. Outseer will not tolerate discrimination or harassment based on any of these characteristics. Outseer encourages applicants of all ages.