[Hiring] AppSec Engineer I @LivePerson

Role Description

The AppSec team at LivePerson is responsible for testing the security of LivePerson applications and environments, on-premises and cloud. All of our AppSec team members are expected to have a thorough understanding of complex IT systems and stay up to date with the latest security vulnerabilities, standards, systems and protocols, as well as testing tooling and methodologies.

This role manages SDLC integrated application security testing tooling and integrations, drives risk reduction and vulnerability remediation and assists in the closing of discovered vulnerabilities and weaknesses.

The right candidate will have a can do, follow-up and follow through attitude. They will be able to understand and assess our environments for vulnerability and communicate the associated risk to internal and external stakeholders.

You will:

• Manage and enhance application security tools (Static Code Analysis, Open Source vulnerabilities tools, Dynamic Application Security tools, etc), integrations, and develop in-house application security automation tools.
• Validate discovered vulnerabilities using code review skills and manual/semi-automatic tooling like Burp.
• Validate external penetration test results and work with internal and external stakeholders.
• Perform some security penetration tests (both application and infrastructure for Web and mobile applications).
• Work with the engineering and security teams to provide actionable reporting, find and explain security issues, suggest mitigations, and determine when issues are mitigated.
• Stay up to date on the latest testing tools and techniques ensuring both your and the team is using the most effective and efficient methods.
• Produce both high level and detailed reports and metrics to support data-based decisions.
• Assist in creating and updating Application Security procedures, policy, standards and guidelines.
• Train, coach and mentor other members of the team, development and the broader LivePerson Security and Engineering teams.

Qualifications

• Understanding of software security architecture and design.
• Broad experience of information security and AppSec testing techniques.
• Practical experience in an application security role with manual testing.
• Solid understanding of cloud environments (GCP especially), web protocols, weaknesses and vulnerabilities.
• Good working knowledge of current IT risks and experience testing, exploitation and mitigation techniques.
• Working knowledge or experience with one or more of the following: Shell, Java, Python, or Node.js.
• Experience developing automation and exploitation scripts.
• Experience or strong interest in penetration testing, including cloud deployed applications.
• Ability to interact with a broad cross-section of personnel to explain security vulnerabilities.
• Highly curious and dedicated to continuous learning.
• Excellent written and verbal communication skills.

Benefits

• Health: medical, dental, and vision.
• Time away: 28 vacation days.
• Development: Generous tuition reimbursement and access to internal professional development resources.
• Additional: Food Vouchers.