At Eye Care Leaders, we're dedicated to equipping clinicians with innovative, secure technology, enabling them to focus on delivering life-changing care to every patient. By joining our team, you'll be at the heart of this mission, helping us continuously improve our offerings to enhance the experiences of both patients and practices.

We are a remote-first company with no physical offices, allowing our employees the flexibility to work from anywhere. Every Eye Care Leaders employee is part of a global community, where a vital support network ensures everyone feels heard and valued. Our team is driven by core values: Customer Centricity, Excellence in Execution, and Teamwork.

We believe that our work has a profound impact on society. Better eye care leads to a healthier, happier population, and our values keep us aligned with this larger vision.

Job Description:

As a Lead Application Security Engineer, you will be an AppSec SME in Eye Care Leaders' product development and information security teams. In this role, you will shape the application security posture of the entire Eye Care Leaders business, from its products and cloud services to the people and infrastructure. Your responsibilities include, but are not limited to, evolving and executing Eye Care Leaders' Secure Development Lifecycle, defining and operationalizing security and privacy standards, performing threat models and security assessments, and providing training and deep guidance on remediation and security best practices.

You will:

- Work with Engineers, Product Managers, and Designers at the earliest planning and design phases
- Implement automated security testing across the software development lifecycle
- Conduct penetration tests and security reviews for core applications and APIs
- Collaborate and advise engineering teams on building authentication, authorization, and encryption solutions
- Develop tools to test, monitor, and enforce security across our applications
- Collaborate and advise engineering teams to build authentication, authorization, encryption, and other security implementations
- Coordinate with external security researchers testing our application

Be a part of a thriving company with both an entrepreneurial spirit and the experience of an industry leader!

Responsibilities

- Guide a team of developers focused on application security for enterprise applications as well as public-facing digital solutions.
- Conduct dynamic scans and work with development teams to resolve security vulnerabilities uncovered via:
  - Static Scans
  - Software Composition Analysis
  - Dynamic Scans
  - Code Reviews
- Establish and govern security best practices for developers.
- Update and communicate documentation on secure coding practices to the larger development organization.
- Establish metrics and reporting for application security risks based on standards.

Requirements

- Bachelor's degree in Information Security, Computer Science or related field, or equivalent work experience.
- Preferred certifications: OSCP, OSCE, CEH
- 5+ years of experience in Application Security Practice.
- Extensive hands-on working experience with BurpSuite Pro, SonarQube and Lint, Dependency Track, ZAP, and Kali Linux.
- Extensive working knowledge in Source Code Review, Penetration Testing, Security Testing or Vulnerability Assessment, and Threat Modeling.
- Good working experience with OWASP Top 10 for web and APIs, ASVS, and CWE Top 25.
- Ability to identify risks in code, applications, software architecture, and internal development processes.
- Experience with Web 2.0 technologies such as PHP, JavaScript, GWT, AJAX, jQuery, Sencha GXT, Sencha ExtJS and React/AngularJS is a strong plus
- Good Analytical, Communication, Presentation and Documentation skills