Principal Application Security Engineer
Job Description
About Copado:
Copado powers the world’s largest digital transformations through a fusion of cloud-native DevOps and end-to-end test automation. From Coca-Cola to Dropbox to Toyota, 200+ innovative brands leverage our low-code platform to unleash the full power of Salesforce and SaaS clouds. Copado is on a mission to make release days obsolete by helping development teams drive 307% ROI, 20x faster deployments and 78% fewer production failures.
Brief Summary of role:
Security plays a critical role at Copado in building and protecting customer trust. We need your help scaling our security initiatives as the company grows and expands its product offerings to new markets and customers. You’ll report to the Director of Security Engineering and translate a bold and evolving vision into operational outcomes during a high-growth period for the company.
What you’ll be doing:
- Provide security-focused feedback to engineers, architects, and leaders during all phases of the development lifecycle
- Drive cohesive security architecture across our product lines
- Conduct architecture design reviews, threat modeling, and technical security assessments of products to identify security risks and provide mitigation guidance
- Review source code for secure coding best practices
- Evaluate external tooling and develop new automation and tooling to increase security coverage and efficiency
- Scale the impact of our team through direct mentorship of our more junior team members
- Participate in incident response and vulnerability remediation efforts
We are looking for someone with:
- Communication & Collaboration: You engage and listen empathetically to others, adjusting communication style to fit the audience and message. You are experienced in communicating with technical and non-technical audiences, leadership, external and internal parties.
- Storytelling: Excellent skills in communication and crafting a compelling message.
- Mentoring: You are joining a growing security team, and you’ll use your knowledge and experience to support and uplevel those around you.
- Motivated Learner: You learn new technologies and processes quickly and understand where to look for knowledge when you need it.
- Proactive: Copado is rapidly growing, and we need a positive, proactive person to build security processes and solutions that support our pace.
- Deep understanding of web application architecture and design principles.
- In-depth experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10 and CWE Top 25.
- Relevant development experience in programming languages such as Python, Java, JavaScript / NodeJS, Ruby, .NET, C / Objective-C, PHP.
- Demonstrated experience building or improving an SDLC program.
- Strong organizational skills around compiling and disseminating the right amount of information for security issues to different types of audiences.
- In-depth knowledge of the Salesforce platform, Heroku, MuleSoft, AWS, GCP, or Azure.
- Familiarity with security tools such as static analysis, runtime analysis, black-box testing.
- Experience writing security automation using tools like Semgrep or PMD.
- Public speaking engagements or published research.
Copado is an Equal Employment Opportunity and Affirmative Action employer. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Copado does not accept unsolicited headhunter and agency resumes. Copado will not pay any third-party agency or company that does not have a signed agreement with Copado.