Application Security Architect
LivePerson (NASDAQ: LPSN) is the global leader in enterprise conversations. Hundreds of the world’s leading brands — including HSBC, Chipotle, and Virgin Media — use our award-winning Conversational Cloud platform to connect with millions of consumers. We power nearly a billion conversational interactions every month, providing a uniquely rich data set and safety tools to unlock the power of Conversational AI for better customer experiences.
At LivePerson, we foster an inclusive workplace culture that encourages meaningful connection, collaboration, and innovation. Everyone is invited to ask questions, actively seek new ways to achieve success and reach their full potential. We are continually looking for ways to improve our products and make things better. This means spotting opportunities, solving ambiguities, and seeking effective solutions to the problems our customers care about.
Overview:
We’re looking for an experienced, passionate, hands-on Application Security Architect eager to help LivePerson to deliver secure Web and mobile based solutions, by helping to implement and apply agile Secure Software Development Lifecycle processes. As an application security architect working closely with the Penetration Testing team and engineering organization you will be expected to contribute both on an individual application basis as well as a global strategic basis to raise the application security posture across the organization, conduct security reviews and assessments, identify application security vulnerabilities through a combination of techniques, develop security standards and guidelines for applications, disseminate application security knowledge to both the security and development communities and innovate towards the goal of establishing novel application security services.
You will:
- Conduct security oriented architecture reviews, code reviews and configuration reviews
- Work with engineering and product teams to integrate security into the software development lifecycle and Collaborate with the development engineers and provide mitigation recommendations
- Perform security design reviews and threat modeling
- Perform security penetration tests (both application and infrastructure for Web and mobile applications)
- Analyze, validate and verify potential threats and vulnerabilities
- Support source code reviews and penetration testing for web, mobile, IoT, and/or cloud-native architectures.
- Manage and enhance application security tools (Static Code Analysis, Open Source vulnerabilities tools, Dynamic Application Security tools, etc), and develop in-house application security automation tools
- Assist in maintaining SSDLC program and Application Security policy standards and guidelines
You have:
- 5+ years of experience in application security (web and mobile) assessments.
- Excellent understanding of software security architecture and design
- Have a good understanding of a wide range of technologies, programming languages and application frameworks to identify risks and vulnerabilities
- Knowledge and hands-on experience with Application Security reviews, Program Assessments and Maturity Scoring, Vulnerability Assessments, Risk Assessments, SDLC process improvement
- Experience in performing threat modeling and pen testing
- Knowledge of application software development processes, including automated build and delivery techniques
- Understanding of cloud-based architectures (AWS, Azure, GCP) and patterns such as microservices and cloud-native systems and container technologies such as Docker / Kubernetes
- Experience with one or more of the following languages: Java, JavaScript, Go, Python, or similar.
- Good communication skills and a desire to function in a global team.
- Ability to work with diverse and dynamic teams
- Ability to collaborate and work directly with security and software teams to enhance the security posture of their systems.
- Excellent written and verbal English communication skills
Prefered Skills
- Experience with Public Cloud Security
- Experience with network, cloud. mobile or IoT security.
- One or more of the following certifications: CISSP, CEH, OSCP, OSCE, GPEN, CPT etc
Benefits:
- Health: medical, dental, and vision
- Time away: vacation and holidays
- Development: Generous tuition reimbursement and access to internal professional development resources
- Equal opportunity employer
- #LI-Remote
Why you’ll love working here:
As leaders in enterprise customer conversations, we celebrate diversity, empowering our team to forge impactful conversations globally. LivePerson is a place where uniqueness is embraced, growth is constant, and everyone is empowered to create their own success. And, we're very proud to have earned recognition from Fast Company, Newsweek, and BuiltIn for being a top innovative, beloved, and remote-friendly workplace.
Belonging at LivePerson:
We are proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to age, ancestry, color, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or mental disability, protected veteran status, race, religion, sex (including pregnancy), sexual orientation, or any other characteristic protected by applicable laws, regulations and ordinances. We also consider qualified applicants with criminal histories, consistent with applicable federal, state, and local law.
We are committed to the accessibility needs of applicants and employees. We provide reasonable accommodations to job applicants with physical or mental disabilities. Applicants with a disability who require reasonable accommodation for any part of the application or hiring process should inform their recruiting contact upon initial connection.