Application Security Engineer (Secrets Management)

Have the skills and knowledge for the job? Learn more about the opening below!

Key Responsibilities:

• Work closely with Application Security team to drive the initiative of secrets remediation program

• Part of Cyber Assessment team, to build internal reusable libraries as a standalone component in remediation of secrets/credentials in the source code

• Evaluating and attempting to understand organization security requirements and secrets/credentials to be moved to vaults specifically to AKV and Hashicorp

• Understanding secure design to ensure newly built codes are secured and pass through the Application security gates

• Independently design and develop utilities to resolve the larger problem of hard coded secrets in the configuration files to be migrated to the vaults

• Participate in project related meetings: information gathering, solution design, project checkpoints

• Keeping automation in mind while developing the solution for remediation to self-heal solutions 

• Propose, examine and assist in the solution design to adequately resolve or remediate the hard coded secrets from source code while keeping away any impact to the system

• Evaluate business needs while solving the problem, design thinking and effective communication with stakeholders

• Apply creative problem solving throughout the secure software development life cycle to continuously improve the effectiveness of the end-to-end process.

• Ideate. Test. Learn. Iterate. Bring a flexible, adaptive mindset, comfortable with ambiguity in a rapidly changing technology environment.

• Be a continuous learner, not only for your own career, but from teams’ successes and failures.

• Embrace open-source communities, both internally and externally, sharing your knowledge across your team and peers.

Qualifications:

• Education: Bachelor’s degree in computer science or related discipline

• Experience: Minimum 5 years of experience in performing hands-on application development preferably using Java/Python/C# programming languages

• Software design and development experience, especially in building backend systems 

• Hybrid Work Arrangement: Amenability and readiness to work onsite and from home anytime (dependent on business need AND/OR current external environment/situation)

• Amenable to work UP Ayala Technohub (Quezon City)

• Amenable to work on a hybrid set-up (3x a week onsite)

• Amenable to work on a fixed late mid shift / night shift schedule

Minimum Skills to Hire/Must Haves:

• Clear understanding of software secrets management, credentials and secret life cycle in application development

• Adequate knowledge on different types of Secrets used in Application, specific hands-on experience in dealing with API credentials are always plus point

• Demonstrated technical knowledge of secure SDLC, understanding on GitHub, SCA, SAST, DAST and Secrets scans are must  

• Possess good holding on the SDLC tools like IDE, GitHub, Snyk, GitGuardian and the best programming practices 

• Extensive technical knowledge of security industry best practices and procedures.

• Demonstrated experience with security assessment frameworks and procedures, including following industry best practice methodologies to ensure business components are ready

• Experience in developing security tools, using scripts and utilities to automate assessment and analysis activities

• Excellent verbal and written communication skills including the ability to articulate the remediation steps back to the customers

• Exceptional customer service, communication and interpersonal skills.

• Ability to communicate and work closely with executives, peers and employees at all levels.

• Strong time management and organizational discipline

• High degree of integrity, competence, adaptability, resilience and initiative.

• Experience working in an international environment with people from multiple cultures preferred.

When you join our team:

• We’ll empower you to learn and grow the career you want.
• We’ll recognize and support you in a flexible environment where well-being and inclusion are more than just words.
• As part of our global team, we’ll support you in shaping the future you want to see.