Application Security Engineer

Company Overview
Domo's AI and Data Products Platform lets people channel AI and data into innovative uses that deliver a measurable impact. Anyone can use Domo to prepare, analyze, visualize, automate, and build data products that are amplified by AI.

Domo is a native cloud-native data experiences innovator that puts data to work for everyone. Underpinned by AI, data science, and a secure data foundation, our platform makes data actionable with user-friendly dashboards and apps. With Domo, companies get intuitive, agile data experiences that power exponential business impact.

Position Summary
The Application Security Engineer position at Domo plays an integral role in Domo's Secure Development Lifecycle.  Individuals in Domo AppSec are passionate about working closely with the rest of engineering (product managers, developers, and QA) to deliver trusted solutions on the world's best data solutions platform.  Identification, Prevention, Remediation, and Response are at the center of the day in the life of a Domo Application Security Engineer.  This role has direct product impact and influence spanning multiple engineering teams.  App Sec engineers at Domo regularly work with teams with architecture, configuration, threat modeling, penetration testing, and driving engineering and mitigation practices.

Key Responsibilities

• Perform security-focused code reviews
• Support and consult with product and development teams in the area of application security, including threat modelling and AppSec reviews
• Assist teams in identifying, reproducing, triaging, and addressing application security vulnerabilities
• Support bug bounty programs and third-party penetration testing.
• Assist in the development of security processes and automated tooling that prevent classes of security issues
• Lead application security reviews and threat modelling, including code review and dynamic testing
• Security testing to validate that secure coding best practices are being used.
• Guide and advise product development teams in the area of application security for full-stack applications and solutions: cloud, microservices, mobile, desktop and web.
• Assist with recruiting activities and administrative work
• Develop security training and socialize SDLC material with internal development teams.
• Participate and assist in initiatives to holistically address multiple vulnerabilities found in a functional area.
• Serve as mentor to other AppSec team members, providing guidance and support.
• Lead and influence cross-functional positive changes across the Security organization.
• Provide expert guidance and direction for other team members when they encounter challenges in their security reviews.
• Regular use, reporting, and remediation of SAST, DAST tool findings.
• Monitor and influence configuration and dependency management.
• Analyze, implement, and steer cloud configurations and deployment practices.
• Advocate for secure and compliant implementations meeting or exceeding customer and regulatory expectations

Essential
JOB REQUIREMENTS

• Relevant experience of 2 to 6 years in application security or a related field
• Ability to use GitHub and other repository tools
• Experience identifying security issues through code review
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner
• Experience identifying and reviewing frameworks for common flaws and patterns such as React, Angular, Vue, Spring, etc.
• Ability to explain common security flaws and ways to address them (e.g., OWASP Top 10)
• Solid development or scripting experience and skills. Java and Spring, Kotlin, .Net, JavaScript, HTML, CSS, C++, and/or Go are preferred
• Solid understanding of network and web-related protocols (such as TCP/IP, UDP, HTTP, and HTTPS, protocols)
• Strong understanding and experience with common security libraries, security controls, and common security flaws (e.g. static analysis tools, proxying/penetration testing tools)
• Be a subject matter expert (SME) in multiple technical areas impacting the security of the product
• Strong experience working closely with developers
• Significant web and mobile penetration testing experience
• Experience securing and analyzing micro-services cloud infrastructure with web, mobile, and on-prem software solutions

Desired

• Experience with Data platforms and/or Domo
• Security certifications (e.g., CISSP, CEH, or others) are a plus
• Bachelor's or Master's degree in Computer Science, Information Security, or a related field
• Knowledge of cloud security principles and technologies
• Familiarity with container security and orchestration tools (e.g., Docker, Kubernetes)

LOCATION:
Pune, India

View Our Benefits
Domo is an equal opportunity employer