Your role

As a Senior Application Security Engineer, you will use data collected from a variety of information security tools and sources (including web application logs, intrusion detection system alerts, firewall and network traffic logs, and host system logs) to analyze events that occur within the enterprise, perform threat analysis, and improve our detection capabilities. 

You will onboard new technologies, develop and deploy new detections, mitigation strategies, and processes for detecting cyber security threats.

You will routinely evaluate priorities based on the dynamic nature of the environment. The role requires close collaboration with peers across multiple geographic regions to discuss issues, solutions, and investigations. Develop partnerships with multiple internal security, operations, and business teams to improve security operations. 

Mentoring is highly encouraged to develop professional relationships and grow colleagues.

You will be part of a global team and will be working from our Barcelona, Spain office.

 

 

What You'll Do

Learn, adapt, and apply knowledge gained to improve preventative and detective mitigations. Implement signature-based detections and mitigations within WAF and RASP solutions to secure our web application. Use tool sets to perform analysis of cyber security events. Cross train and learn within and across focus groups. Participate in and lead threat hunts. Mentor and coach junior team members and peers. Identify systems impacted by new vulnerabilities. Perform in-depth analysis of cyber security events using SIEM, EDR and other security tool capabilities.

  

 

Your Qualifications & Skills

Minimum of 5 years related experience in an information security role, supporting security programs and security operations in complex enterprise environments.  Knowledge and first-hand experience of application security best practices and standards such as OWASP Top 10 and SANS Top 25 Self-motivated, excellent analytical problem solving, and critical thinking skills Ability to clearly communicate with other technical and non-technical teams proactively during investigations, lessons learned, and to learn about the environment Experience creating custom detection rules  Strong understanding of application security threats and vulnerabilities Scripting, programming knowledge and experience

 

 

Nice to have

Familiarity with network and endpoint security applications and tools including network scanning tools, NIDS/HIDS, firewalls, and web proxies. Expert level understanding of secure networking principles, routers, switches, and load balancers. Strong knowledge of web technologies, middleware, database, OS, firewalls, network communication protocols and methods. Strong knowledge of cloud architecture and security principles, risk management frameworks and Unix, Linux, and Windows system administration. Familiarity with industry recognized frameworks including but not limited to MITRE ATT&CK, ADS, NIST 800, and CIS Recognized industry certification and continuing education programs are a major plus including GCIH, GCIA, CISSP, GCFA, GMON, GREM, GNFA Bachelor-level university degree in a relevant field from an accredited university, or equivalent.  Hands-on experience using SIEM for data analysis and EDR tools for response purposes Experience with logging and log analysis Experience with high-level software design and development and the design, use, and deployment of automation and orchestration frameworks

 

 

Career Level - IC3