Application Security Engineer
Our Story: Litera, headquartered in Chicago, IL, is a fast-growing software company and one of the leading legal technology suppliers in the world. Serving more than 90% of the world's largest law firms, our software is used by hundreds of thousands of lawyers every day. As a company recognized as one of the best places to work, we believe professional development, rewards programs, open communication, and transparent leadership all contribute to a unique and open work environment. Our employees are driven, energetic, passionate, and have the ability to make a direct impact on the future of the company.
The Opportunity
This role will be a part of an energetic and dynamic team of Product / Application security professionals, working closely with business and technology teams servicing a global business & customer base. This role will provide technical expertise in application security testing (SAST, DAST, Manual) and SSDLC execution. The Application Security Engineer will report to the Application Security Manager and contribute to Litera’s application security evolution.
Key Responsibilities:
- Perform Application security scanning (manual & automated) and identify mitigations by working closely with Litera’s development teams.
- Take part in security training for developers.
- Perform application security code reviews and drive the identified code flaws to closure.
- Implement processes utilizing automation to identify, track and remediate security flaws in our code and cloud estate.
- Integrate and enforce secure development practices within Litera’s SDLC.
- Aid penetration testing engagements and remediation of the findings.
- Perform any other application security / product security architecture related activities as directed.
What you Bring:
Technical skills:
- 2+ years experience in application development and 1+ years experience identifying and remediating application security flaws.
- Good experience with at least one programming language is a must
- Knowledge about source control and build / deployment pipelines (Jenkins, Azure DevOps, GitHub or other similar tools).
- 1+ years experience on scanning tools (Veracode, Burp suite, Checkmarx, Acunetix, IBM appscan or other similar tools).
- Excellent understanding of OWASP risks, vulnerabilities, and mitigation mechanisms.
- General experience with Azure & AWS will be an added advantage.
- Security remediation experience and adoption of security controls & best practices in a public cloud provider (Azure/AWS Cloud preferred) and experience integrating scans into pipelines are a plus.
Soft skills:
- Curiosity, strong initiative, drive and self-direction.
- Comfort with change and a fast-paced environment - Litera is always acquiring companies and being able to adapt and deal with different technologies is necessary for this job.
- Good communication skills as this job requires working with all development and product teams across Litera to explain flaws and drive fixes.
- Will to spread knowledge about security, as we are also responsible for making sure developers become better in security.
- Demonstrate continuous growth and consistency in the performance of the assigned tasks."
What sets us apart?
- Be part of a team at a proven, fast-growing, industry-leading tech company
- Generous allocation of paid time off, and flexible work hours
- Available merit-based cash bonus plan
- Many opportunities for rewards and recognition
- Have fun with your peers while enjoying random ice cream and bagel parties, cold brew tap, keg, and an occasional ping pong game!
If you want to be part of our team, please apply today!
Attach your resume (in English)
