Small business success begins with better banking. That’s where we come in. BlueVine is a leader in small business banking - providing smart, fast and easy-to-use solutions specifically designed with small business owners in mind. We’ve helped 20,000+ businesses since we started in 2013, funding more than $2.5 billion in working capital through our pioneering online platform. Headquartered in Redwood City, CA (across from the RWC CalTrain station), BlueVine is backed by leading investors including Menlo Ventures, Lightspeed Ventures, Citi Ventures, SVB Financial, Nationwide Insurance, and M12 (Microsoft’s Venture Arm).
We are looking for an Application Security Specialist.
As an Application Security Specialist, you will play a key role within the Information Security department, focused on application security for our multiple applications. The Application Security Specialist will be a valued partner to the operational and engineering teams to ensure secure architectures, patterns and solutions are created and maintained.
Creation and execution of a training and awareness program for secure development and best practice is a key component of the role. In this role you will be the subject matter expert for secure code development and work with various application engineering teams to develop alternatives for remediation of vulnerabilities.
WHAT YOU'LL DO:
- Conduct time-boxed web application assessments
- Conduct remediation validations against prior findings
- Conduct code reviews and static code analysis
- Consult with developers and architects on secure development
- Work with application teams to communicate vulnerabilities, demonstrate issues, and provide remediation guidance
- Help build and improve secure development processes
- Stay up to date on application security attack vectors and risk
WHAT WE LOOK FOR:
- Minimum of 5 years of experience in the Information Security field
- Experience with application security
- Experience with Bash/Perl/Python/Ruby scripting
- Deep knowledge of Linux systems (3+ years)
- Experience performing code reviews and with associated applications such as static code analysis tools (Checkmarx, Veracode) in several languages
- Knowledge of dynamic code scanners such as AppScan or Qualys
- Knowledge of DevOps and Agile methods
- Knowledge of web application architectures
- Knowledge of threat modeling
- Ability to learn quickly, be self-motivated to improve knowledge base and tackle new challenges
PLUS BUT NOT REQUIRED
- Experience with source control management systems, preferably Git.
- Experience in Penetration Testing
- At least 1 year of experience with Cloud IaaS services such as: AWS, Azure, GCP