Application Security Engineer

Full Time
Charlotte, NC, USA
21 hours ago

This role is not open to visa sponsorship or transfer of visa sponsorship including those on OPT and STEM-EXT OPT, nor is it available to work corp-to-corp.

As a Cloud Security Engineer at Red Ventures, you will be a core player who participates in and leads multiple security efforts. You will work closely with development teams, product managers, and our enterprise teams to ensure that Red Ventures brands and products are secure. You will proactively identify and assess security risks and advise technical teams on mitigation strategies while being a great person to work with.

What You’ll Do:
  • Advise product, platform engineering, application development, and ITOps teams as their security SME, guiding Red Ventures standards with a mind towards industry best practices.
  • Design and implement detections and controls to defend against well-documented as well as emerging threats.
  • Drive the vulnerability remediation/patch management process across business verticals in cloud environments.
  • Work with a broad group of both development teams and non-technical personnel to translate complex security requirements into positive security outcomes.
  • Lead initiatives to holistically address multiple security vulnerabilities or gaps found in key functional areas.
  • Use knowledge of web application technologies to assess webpages, APIs, and SaaS services for known vulnerabilities and emerging adversary TTPs then champion their remediation.
  • Using deep understanding of cloud native technologies assess application infrastructure for vulnerabilities as well as the security of their configuration and help development teams to prioritize the work required to remediate them.
  • Using knowledge of version control systems and the software development lifecycle, assess repositories for vulnerabilities in source code and help to enforce industry best practices for building and deploying software safely.
  • Help drive existing security initiatives in Developer, Application, Cloud, Network, Host, and SaaS Security.
  • Build and deploy integrations and automations for security tools using modern, cloud native technologies such as managed container orchestration services (ECS / EKS) and serverless deployments (AWS Lambda).
  • Triage detection events and help lead incident remediation.
  • Leverage cutting-edge endpoint detection and response tools to detect malicious activity and efficiently respond to threats.
  • Assist in penetration testing planning and engagements.
  • Assess the latest security tools using good research practices, leveraging strongly defendable objective metrics to the greatest extent possible.
  • Provide input and help shape company-wide security policies, standards, and initiatives.
What We’re Looking For:
  • Must Have:
    • 5+ years of practical experience in Cyber Security OR a Bachelor’s Degree in Computer Science, Computer Engineering, Information Technology, or a related field with 3+ years of experience in Cyber Security.
    • Strong understanding of, and hands-on experience with, cloud infrastructure/networking, related security controls, tools and best practices (AWS preferred, GCP a plus).
    • Experience with SAST, DAST and SCA tooling.
    • Experience with EDR platforms and responding to alerts/incidents accordingly.
    • Strong experience in remediating or coordinating the remediation of common security vulnerabilities in configurations, deployed services, and/or application source code.
    • Experience implementing security solutions that resolve security issues and account for business impact trade-offs.
    • Strong software development or scripting experience and skills.
    • Familiarity with security frameworks such as NIST CSF, ISO 2700x, etc.
    • Excellent professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
  • Even Better:
    • Be able to think both offensively (red team operations) and defensively (evaluating product security and security architecture).
    • Detection engineering knowledge and experience, especially for singular detections that leverage multiple data sources.
    • Strong understanding of attacker techniques with the ability to correlate emerging threats to frameworks like the MITRE ATT&CK and engineer hand crafted detections and controls to detect and defend against them.
Compensation:
  • Cash Compensation Range: $100,000 - $150,000
    • Note: Actual salary is based on geographic location, qualifications, and experience.

Additionally, the following benefits are provided by Red Ventures, subject to eligibility requirements.

  • Health Insurance Coverage (medical, dental, and vision)
  • Life Insurance
  • Short and Long-Term Disability Insurance
  • Flexible Spending Accounts
  • Paid Time Off
  • Holiday Pay
  • 401(k) with match
  • Employee Assistance Program
  • Paid Parental Bonding Benefit Program

Who We Are

Founded in 2000, Red Ventures (RV) is home to a diverse portfolio of industry-leading brands and businesses, strategic partnerships and proprietary technology – including Bankrate, Lonely Planet, The Points Guy, BestColleges and more. Together, RV helps millions of people worldwide make life’s most important decisions, accelerates digital adaptation, and innovates the online consumer experience by improving every step of the consumer journey – from first discovery of information, throughout the decision-making process, to transactions. Headquartered south of Charlotte, NC, Red Ventures employs thousands of people across the US and Puerto Rico, with international offices in the UK and Brazil. For more information, visit https://redventures.com and follow @RedVentures on social platforms.

We offer competitive salaries and a comprehensive benefits program for full-time employees, including medical, dental and vision coverage, paid time off, life insurance, disability coverage, employee assistance program, 401(k) plan and a paid parental leave program.

Red Ventures is an equal opportunity employer that does not discriminate against any employee or applicant because of race, creed, color, religion, gender, sexual orientation, gender identity/expression, national origin, disability, age, genetic information, veteran status, marital status, pregnancy or any other basis protected by law. Employment at Red Ventures is based solely on a person's merit and qualifications. 

We are committed to providing equal employment opportunities to qualified individuals with disabilities. This includes providing reasonable accommodation where appropriate. Should you require a reasonable accommodation to apply or participate in the job application or interview process, please contact accommodation@redventures.com. 

If you are based in California, we encourage you to read this important information for California residents linked here.

Click here for more details regarding the employee privacy policy: https://www.redventures.com/legal/us-emp-privacy-notice

Questions about this Privacy Notice can be directed to employeerights@redventures.com. Alternatively, you may raise any questions or concerns to your manager, HR Business Partner, or through the Privacy Team.