Principal Application Security Engineer

BLACKBIRD.AI

Administration
New York, NY, USA
Posted on Sep 19, 2024

Blackbird.AI helps organizations discover emergent threats and stay one step ahead of real-world harm through our AI-powered Narrative and Risk Intelligence Platform. Our commitment is to prioritize safety and security, providing the tools to proactively identify potential risks and ensure a safer environment. No matter the job or where it’s located, we’re all connected by a shared vision: to lead and enhance the landscape of risk intelligence.

We are seeking a highly skilled Principal Application Security Engineer to join our team. Reporting directly to the CISO, you will play a critical role in securing our applications and infrastructure hosted on AWS and Kubernetes. Your expertise will be instrumental in helping us achieve key security certifications such as SOC 2, overseeing penetration testing, and implementing best practices to enhance our security posture.

As the Principal Application Security Engineer, you will:

  • Security Strategy and Leadership
    • Develop and implement a comprehensive application security strategy aligned with company objectives.
    • Lead initiatives to achieve security certifications, including SOC 2, FedRAMP, and GDPR compliance.
    • Collaborate with cross-functional teams to integrate security best practices into all stages of the Software Development Lifecycle (SDLC).
  • Application and Infrastructure Security
    • Assess and enhance the security of applications hosted in AWS and Kubernetes environments.
    • Conduct regular security assessments, code reviews, and vulnerability scans.
    • Implement security controls and policies to protect against threats and vulnerabilities.
  • Compliance and Certification
    • Prepare and lead efforts to achieve SOC 2 certification and maintain compliance.
    • Coordinate with external auditors and ensure all security documentation is up-to-date.
    • Monitor and enforce compliance with industry standards and regulations.
  • Penetration Testing and Risk Assessment
    • Plan and oversee regular penetration testing activities.
    • Analyze test results and work with development teams to remediate identified vulnerabilities.
    • Continuously monitor for emerging threats and adjust security strategies accordingly.
  • Education and Mentorship
    • Provide training and mentorship to engineering teams on secure coding practices.
    • Promote a culture of security awareness throughout the company.