The Company

Diligent is the world's largest GRC SaaS provider, serving nearly 1 million users from 25,000 organizations around the world. Our software enables holistic and informed conversations about governance, risk and compliance and ensures CEOs, CFOs and the board have an integrated view of audit, risk, information security, ethics and compliance from across the organization.

Our world-changing idea is to bring technology, insights and confidence to leaders so they can build more effective, equitable, and successful organizations - and create lasting, positive impact on the world. We seek to empower organizations to be better for their stakeholders and communities, for their customers and employees, for their bottom line.

Headquartered in New York, Diligent also has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney.

Position Overview

The Application Security Engineer will be a member of the Security group and will work closely with Product Design, Software Development, and Production Operations. The Application Security team at Diligent is primarily responsible with overseeing secure development, creating best practices and processes for the technology organization, and maintaining security tools and procedures.

They will be providing implementation on security best practices on architectural design, account security (2FA and Identity Management), anti-tamper technologies, secret management, and continuous integration/continuous deployment.

The ideal candidate will come from a development lead, security engineer, or DevOps background with a strong passion and interest in security. This person should be self-motivated, enjoy security work, and thrive working in a global, dynamic, growing company environment.

Key Responsibilities

• Own vulnerability management and mitigation approaches with product teams
• Perform threat modeling, secure feature and architecture assessments, security-critical code reviews, and application security testing
• Document security feature implementations
• Contribute to security policy, standards, and guidelines related to application security
• Research emerging technologies and maintain awareness of current security risks
• Define, implement, and monitor security measures in Diligent Core products

Required Experience/Skills:

• Degree in Computer Science preferably with emphasis on Information Security
• 5+ years of professional work experience in application design and development, 2+ years in application security architecture and design for web and mobile applications
• Knowledge of security concepts for Internet technologies, architectures, and protocols
• Knowledge of application software security concepts
• Experience with mitigating OWASP Top Ten and CWE/SANS Top 25 vulnerabilities
• Experience with a combination of .NET, AngularJS, C#, and/or mobile frameworks
• Experience with project management tools (JIRA)
• Experience with code analysis and penetration testing tools
• Excellent verbal and written communication skills
• Experience with Amazon Web Services, Docker, Kubernetes, and Rancher
• Awareness of security standards and frameworks relevant to the SaaS industry (e.g. ISO, NIST, CSA)

Preferred Experience/Skills:

• Experience in the CI/CD build systems and best practices, especially Jenkins
• Experience building and reviewing node packages and other third-party dependencies
• Experience with secret and key management systems, such as Vault
• Relevant certification in Application Security or Penetration testing (CISSP, CSSLP, GSSP-x, CEH, GPEN, GWAPT, GMOB, Security+)

FLSA Status: Exempt

Diligent offers acompetitivecompensation and benefits package, including health, vision, dental, 401k with a strong match, health club reimbursement and much more.

We are a drug free workplace, and an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws.