Application Security Engineer at Koraplay

About The Role

As an Application Security Engineer at Kora, you will work with the Application Security team to define and execute the security strategy of our products

You will ensure that security is embedded in how we build our products from design and development to testing to how we run them and partner with Product and Engineering teams to strategically guard against existing or emerging threats.

This position is responsible for cultivating a culture of security awareness across the Engineering & Product teams.

The ideal candidate has deep technical security knowledge and expertise and will help define and implement robust security architecture strategies, frameworks, and governance processes.

In this role, you will be designated to one of Kora's strategic business units.

Here are a couple of things you'll be doing:

• Upholding code reviews across all code platforms.
• Take charge of bug intake and remediation processes for the organization.
• Provide leadership for application vulnerability scanning and penetration testing remediation.
• Manage integration with vulnerability check tools such as Static Code Analysis and Dynamic Code Analysis tools.
• Discover Security exposures and mitigation plans, and report and fix the technical glitches.
• Administering and carrying out configuration optimization on Web Application Firewalls.
• Actively participate in security initiatives with minimum supervision.
• Be the subject matter expert for application security solutions.
• Provide guidance for junior-level security engineers.
• Work closely with cross-functional teams (Engineering, DevOps, and Product) while carrying out daily tasks.
• Responds to computer security incidents according, leverages subject matter expertise where established processes do not exist.
• Acts as a subject matter expert regarding CSIRT incident response processes.
• Identify and manage potential and actual operational issues within the incident detection/response domain and take corrective action.
• Contribute to requirement gathering with the product team in the area of application security.
• Work together with cross-business units on executing standardized security solutions and integrations.
• Assist in the development of automated security testing to validate that secure coding best practices are being used.
• Conduct regular security assessments and report on findings.
• Work as a red team member, driving an offensive security approach to improving the security posture of the organization.
• Other duties as assigned by the CISO.

Requirements

Here's what are we looking for:

• Minimum of 3 years’ experience as an Application Security Engineer.
• Minimum of Bachelor’s degree in Computer Science or Information Security, or in a related technical field.
• Someone who has a thorough understanding of attacks and threats.
• Strong understanding of cybersecurity concepts and principles.
• Strong understanding of System Architecture, both On-prem and Cloud.
• Strong software design and implementation know-how, strong familiarity with web protocols, a thorough knowledge of Linux/Unix tools and architecture, and being well-versed in application security and infrastructure security.
• Experience of performing cyber assessments on systems (including Cloud assessments)
• Experience of Threat Modelling and Impact/Likelihood assessments is a must
• Understanding of emerging technologies and corresponding cybersecurity threats
• Problem-solving and analytical skills.
• Someone who follows security best practices when performing tasks
• Self-motivated individual who is adaptive to change.
• Should possess good communication skills to explain complex security topics in simple language and easy to understand concepts.
• Experience in risk identification, secure software design, secure architectures, secure testing, or vulnerability detection and remediation
• Experience in service-oriented architecture and web services security
• Understanding of OWASP 10.
• SANS, GIAC, CISSP, CISM, CISA, CEH and any other security certification is desirable.
• An engineer who is wholeheartedly about automating checks and tests.
• Finally, you live and breathe security, you have bags of energy, obsess about security & trust and you are passionate and breathe security!