Application Security Developer - Remote
New Context is a rapidly growing consulting company in the heart of downtown San Francisco. We specialize in Lean Security: an approach that leads organizations to build better, safer software through hands-on technical and management consulting. We are a group of engineers who live and breathe Agile Infrastructure, Systems Automation, Cloud Orchestration, and Information &Application Security.
As a New Context Application Security Engineer you will be a member of our LS/IQ product development team. One third of your time will be working with customers directly in an advisory role and two thirds will be as a software engineer to further develop the LS/IQ product. Information security experience and credentials are a requirement.
Our team members are expected to be able to work with customers as a trusted adviser for all aspects of security, but especially in translating customer security assessment requirements to plain language that can guide their teams through meeting those requirements. We're looking for security generalists with application security expertise, as well as development skills - people who can think in security, communicate that thinking to our clients in plain English, and who are also comfortable in an active Agile software development role.
You will work with our clients and other New Context team members while working from your home or New Context office, and occasionally client sites. We foster a tight-knit, highly-supportive environment where you will receive respect and be included. Even if you may not know the answer to a question immediately, you'll have the entire company supporting you via Slack, Zoom, or in-person. We also host a daily, all-company stand-up via Zoom, and a weekly company Retro, so you won't just be a name on an email.
At New Context, our core values are Humility, Integrity, Quality &Passion! Our employees live these values every single day.
Who you are:
- A seasoned technologist with 5+ years work experience--including as a technical lead--in cybersecurity, secure app development, or application security roles;
- CISSP Certified
- Experienced in application development using open-source web technologies
- Experienced in deploying and maintaining SaaS products in on public cloud platforms;
- Experience with securing cloud-native application implementations
- Possess working knowledge of Unix-based operating systems and networking concepts;
- Comfortable with authentication and authorization functionalities and systems
Bonus points if you are:
- CEH, CASE, GWEB, GWAPT, GSSP (or equivalent) certified.
- Familiar with network security fundamentals, social engineering, and/or forensic analysis;
- A believer in automated tests and their role in software engineering;
- Familiar with Infrastructure as Code (IaC) and automated server provisioning technologies;
- A member of national and/or local security groups.
Technology we use:
We tailor solutions to our customers. You might work on projects using any of the following technologies (or other similar technologies):
- Security: BurpSuite, ZAP Proxy, SAST/DAST Scanning Tools, Threat Modeling, Kali Linux, Standards &Compliance, Compliance standards, Application Security, Layer 7 Firewalls, OSSEC, Hashicorp Vault, STIX, TAXII;
- Automation: Chef, Puppet, Docker, Ansible, Salt, Terraform, Automated Testing
- Containerization Ecosystem: Docker, Rancher, CoreOS, Kubernetes
- Cloud &Virtualization: AWS, GCP, Azure
- Tools: Jenkins, Atlassian Suite, Vagrant, Git, Packer
- Monitoring: SysDig, DataDog, AppDynamics, Sentry, Nagios, Prometheus
- Databases/Datastores: Redis, Postgres, MySQL, MongoDB
- Languages: Ruby, Python, Go, Java, JavaScript
We are committed to equal-employment principles, and we recognize the value of committed employees who feel they are being treated in an equitable and professional manner. We are passionate about finding ways to attract, develop and retain the talent and unique viewpoints needed to meet business objectives, and to recruit and employ highly qualified individuals representing the diverse communities in which we live, because we believe that this diversity results in conversations which stimulate new and innovative ideas.
Employment policies and decisions on employment and promotion are based on merit, qualifications, performance, and business needs. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.