Application Security (AppSec) Engineer

Posted on Sep 15, 2020

Ultimate Software

Atlanta, GA

Ultimate Software is seeking an Application Security (AppSec) Engineer to work in our Global Security team.

Ultimate Software’s (USG) Global Security Research and Architecture (GSRA) application security team is responsible for both finding bugs and designing mitigations for broad classes of bugs.

We use and work on state-of-the-art tools, maintain the infrastructure that supports our efforts, and empower Product Development to move quickly without compromising on safety.

Because of the nature of USG’s product, nearly every system we operate needs to interact with sensitive financial and personal data, making the security team an extremely dynamic environment to join. We are looking for someone with a strong application security engineering and development background.

The ideal candidate can discuss abstract concepts or lead meetings but is not afraid to dive deep into technical details (from whiteboard to Java code, from the Microsoft world to the Linux console).

Essential Duties and Responsibilities:

- Work with our code
- Develop techniques to ensure development teams find flaws before they are introduced into production
- Be a security subject matter expert and respond to any security development question
- Work with development teams to design solutions that are inherently secure
- Be a champion for simple security models
- Correctly balance security risk and product advancement
- Lead software security initiatives
- Lead or participate in threat modeling discussions
- Perform code deep dives to uncover security vulnerabilities or design
- Document findings and architectural issues for development and other security teams’ consumption
- Evaluate the security posture of existing applications
- Perform proactive research to detect new attack vectors and pentest internal and external apps
- Software development experience in a production environment
- A deep understanding of the web application architecture
- A knack for finding flaws in software and can efficiently communicate how to fix them
- Strong communication skills and is accustomed to working closely with a product team
- Doesn’t always default to industry norms when solving a problem
- An ability to think like an attacker to develop threat models
- Has designed and implemented mitigations for common classes of bugs

Required Qualifications/Skills:

Five or more years’ experience in:

- Authentication (identity management, MFA/2FA)
- Applied Cryptography (PKI, appropriate usage of cryptographic primitives, digital signatures, hashing, HMACs)
- Authorization (claims, RBAC, fine grained, coarse grained, XACML, OAuth, SAML)
- Web Services Security (WS-Security, OAuth, JWT)
- Static Source Code Review Tools (e.g. Fortify, AppScan Source, Contrast, etc.)
- Application Service Hardening (CIS, NSA/DOD STIGs)
- Coding experience in one or more general languages
- Mobile App development experience a plus

Check out how we give our employees the chance to work on whatever project they want for 48 hours!

Typical Interview Process:

- If your application is selected, a Talent Acquisition Team Member will reach out to schedule a phone screen with them.
- If selected to move forward, you will complete a HackerRank Coding Assessment.
- If you pass, you will either move forward to a technical phone call for an additional screening, OR directly to an onsite interview.
- Offer stage.

How to Apply

Follow the application procedure at for more info.

Related positions:

AppSec Engineer (DAST)

Hays, Atlanta, GA

AppSec Engineer (SAST)

Hays, Atlanta, GA

Application Security Engineer

OZK Labs, St. Petersburg, FL

Application Security Engineer

Integral Ad Science, Chicago, IL

Application Security Engineer

Stott and May, Los Angeles, CA
