Sr. Application Security Engineer

HirexHire
Expired

ABOUT US

HirexHire (pronounced hire by hire) is a Chicago-based recruiting and talent consultancy that integrates with companies short-term to provide long-term talent solutions. We take a seat in our client’s everyday operations to understand their people's goals, gaps, and challenges. We then develop and implement the processes and technologies to execute a sustainable and scalable talent plan.

We partner with companies expecting or experiencing high growth who need to hire at scale or fill a critical role rapidly. Our clients are not looking for quick-fix placements but are thoughtfully building a hiring strategy to scale their businesses.

OUR CLIENT

Location: Remote from Kosovo 

Headquarters: Chicago, IL

Industry: Legal Software Space

Company Size: 900+

What They Do: Our client works in document management and workflow as an industry leader in the legal space. They deliver an innovative approach to enable automation to solve complex business challenges.

Contact Us For More Client Information

THE ROLE

Our client is looking for a Senior Application Security Engineer who will be a part of an energetic and dynamic team of Product / Application security professionals, working closely with development, DevOps, and technology teams servicing a global business & customer base. The Senior Application Security Engineer will provide technical expertise in application security testing (SAST, DAST, Manual), SSDLC execution, and flaw remediation, and will report to the Application Security Manager to contribute to our client’s application and cloud security architecture evolution.

WHAT YOU WILL DO

  • Perform Application security scanning (manual & automated) and identify mitigations by working closely with our client’s development teams.
  • Perform application security code reviews and drive the identified code flaws to closure.
  • Develop processes utilizing automation to identify, track and remediate security flaws in our code and cloud estate.
  • Integrate and enforce secure development practices within our client’s SDLC.
  • Continuously analyze the security profile of our client’s cloud applications and infrastructure while implementing best practice security configurations & design with the DevOps team.
  • Lead penetration testing engagements and remediation efforts for our cloud estate.
  • Perform any other application security / product security architecture-related activities as needed.
  • Participate in development training in security by helping find resources and doing presentations around exploits (in the wild and internal flaws that have already been remediated).


WHAT YOU WILL NEED

  • 3+ years of experience working on scanning tools (Veracode, Burp Suite, Checkmarx, Acunetix, IBM AppScan, or similar tools).
  • Experience in integrating security tools with CI/CD pipelines.
  • Excellent understanding of OWASP risks, vulnerabilities, and mitigation mechanisms.
  • Experience disseminating security knowledge and guiding others on security fixes.
  • Knowledge of SSDLC process.
  • Security remediation experience and adoption of security controls & best practices in a public cloud provider (Azure/AWS Cloud preferred) is a plus.
  • Bonus for experience working with Infrastructure as Code and DevOps culture and principles.

The posting has expired