Security Engineer - Application

Full Time
91300 Massy, France
10 months ago

Application Security Engineer (m/f)

Ivalua is a leading provider of cloud-based procurement solutions globally. 

THE OPPORTUNITY

We're looking for a full-time Application Security Engineer to help us secure Ivalua’s SaaS platform as well as corporate internet-facing applications. This includes enhancing the s-SDLC process in place, deploying and maintaining automated scans, performing offensive security testing on the application layer, orchestrating remediation plans and tracking the vulnerability remediation progress via reports and dashboards. Additionally, the Application Security Engineer will participate in the deployment and continuous improvement of the Secure Architecture & Software Development program for keeping Ivalua’s SaaS platform secure.

WHAT YOU WILL DO WITH US

  • Maintain application security tooling (SAST, DAST, automated scripts) and perform manual penetration testing on the Ivalua SaaS platform, internet-facing web applications, web services, CI/CD pipeline, WAF filtering rules etc.
  • Analyze, report, track and retest security vulnerabilities reported through multiple sources (customer, internal and external audits) and provide guidance to fix these in a manner consistent with Ivalua standards
  • Act as the Security Champion to help/guide engineering / development teams in adopting shift-security-to-left practices such as enforcing security by design principles and performing security reviews during the development and testing phases
  • Act as the SME on application security and stay apprised on new vulnerabilities, threats, risks, attack tools and techniques
  • Develop and/or enhance, maintain and deliver a security training program to engineering / development teams and maintain supporting training presentation/secure coding guidelines
  • Support and help analyze technical security controls from new security standards planned in the Ivalua GRC roadmap (PCI DSS, IRAP, NIST 800-54 r5, FedRAMP, SecNumCloud etc.)

YOUR PROFILE

IF you have the below experience and strengths this role could be for you.

Skills and Experience:

  • 2+ years hands-on technical expertise in Application Security, automation, integration, and deployment (DevSecOps)
  • 3+ years expertise in performing various technical security audits in web applications (DAST deployment, penetration tests, security code reviews)
  • Coding experience in scripting, programming and query languages (such as Python, C#, .NET, JavaScript, React, SQL)
  • Experience with the most common security testing tools (BurpSuite, SQLMap etc.)
  • Experience working with vulnerability frameworks standards (e.g., OWASP, ASVS, CVSS, CWE) with a good understanding of the Cyber Kill Chain and pervasive threat attack methods and remediation
  • Experience using Agile software development
  • Understanding of global frameworks and standards like NIST 800-53, ISO 27001/27002/27017/ 27018, SANS CIS 20, PCI DSS etc.
  • An Offensive Security qualification or evidence of starting to work towards e.g. OSCP, GPEN, GWAPT, Hack-the-Box, root-me or similar is preferred but not required
  • Ability to handle multiple tasks, prioritize and meet deadlines

 WHAT WE CAN DO FOR YOU

  • An innovative and stimulating work environment
  • Great training and career development
  • You will work with a diverse and global team made up of exceptionally passionate, talented and motivated colleagues who are established leaders in their field
  • Regular social events, team sports or musical activities (under normal conditions)
  • We pride ourselves in customer experience, Agility, Pragmatism, Positive attitude and enthusiasm, Team play, Continuous learning and Improvement and accountability. 
  • Ivalua received the Happy @ work France and Germany 2020.

COMPANY OVERVIEW

A “Magic Quadrant” leader, Ivalua’s solutions work in a complex global economy.  Our innovative Source-to-Pay solutions include automating customized workflows to source, contract, request, procure, receive, and pay for goods and services across the enterprise, refining the procurement lifecycle while reducing cost and risk of spending on indirect goods, direct goods and services, and improving supplier collaboration.

All companies want the best and brightest. At Ivalua, we also want team members who have a global point of view and who bring customer-focused enthusiasm and ambition to the table. We are a company of doers, of problem solvers, of figure-it-outers. We have fun and we work hard. This is a truly global company with a diverse team of contributors and a set of core values that people can feel every day across all our offices.

For more information please visit us on www.ivalua.com or check us out on LinkedIn.com

Check out our video and find out Who We Are!

Join Ivalua today and procure a great future for your career!

 

#LI-AY1

#LI-HYBRID