Security Engineer – Application Security

November 11

N3XT SPORTS

Sports • B2B

N3XT SPORTS is a consultancy and services firm focused on transforming and modernizing the sports industry through digital transformation, strategy, innovation, investment advisory, project management, commercial services, and marketing and communications. The company partners with sports organizations, technology and investment ecosystems across the US, Europe, and the Middle East to deliver end-to-end programs from assessment and strategy to deployment and advisory, with emphasis on data-driven fan engagement and commercial growth.

11 - 50 employees

Founded 2018

📋 Description

• Drive security best practices into the SDLC, including security architecture reviews, threat modeling, and secure coding guidance.
• Implement and manage automated application security tools (SAST, DAST, SCA) in CI/CD pipelines for credential scanning, static/dynamic analysis, and dependency scanning, and take direct, hands-on ownership of analyzing the reported vulnerabilities, coding the required fixes, testing the remediation, and ensuring successful deployment.
• Conduct regular application security testing, coordinate third-party assessments, and actively participate in fixing identified vulnerabilities.
• Configure and maintain Web Application Firewalls (WAF) to protect applications.
• Design and implement security controls for APIs, including authentication, authorization, and API gateway policies.
• Implement security controls for cloud-deployed applications, leveraging cloud-native security services for threat detection.
• Deploy and manage application-focused SIEM detections, centralize application log collection, and support security monitoring.
• Participate in incident response for application-specific threats.
• Develop and maintain application security policies, standards, and guidelines (e.g., OWASP Top 10, NIST, ISO 27001).
• Work closely with Full Stack Engineers to educate them on secure coding practices, provide training, and empower them to build secure applications.
• Collaborate with product engineering, DevOps, and SRE teams to implement secure, usable, and efficient security solutions.

🎯 Requirements

• At least 5 years of professional experience, with a strong blend of both software engineering and application security.
• Proficiency in software development and code remediation (ideally JavaScript/TypeScript), as this role contributes directly to codebases for security fixes and features.
• Expertise in SSDLC principles including threat modeling, secure design patterns, and secure coding.
• Hands-on experience with commercial and open source application security scanning tools (e.g., GitHub Advanced Security, Pnpm audit, Nodejsscan, Burp Suite, Invicti, OWASP ZAP, Gitleaks) for SAST, DAST, SCA, and secret detection.
• Strong understanding and practical experience with Web Application Firewalls (WAFs).
• Proficiency in cloud security controls for applications (e.g., GCP, Cloud Armor, Security Command Center, IAM hardening, Cloud Logging).
• Solid understanding of API security best practices and experience securing RESTful, tRPC and GraphQL APIs.
• Proficiency in SIEM & log management for application security, including log aggregation, correlation, visualization and threat detection.
• Proficiency in scripting for automation and integrating security tools into CI/CD pipelines.
• Strong understanding of common application vulnerabilities (e.g., OWASP Top 10).
• Excellent communication and collaboration skills to effectively convey security concepts to developers and other stakeholders.
