Senior Staff Application Security Engineer

About Us Diligent is the global leader in modern governance, providing SaaS solutions across governance, risk, compliance, audit and ESG. Empowering more than 1 million users and 700,000 board members and leaders with a holistic view of their organization’s GRC practices so they can make better decisions, faster. No matter the challenge. At Diligent, you are an agent of positive change. You are joining a team of passionate, smart, creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place. Be a part of a global community on a mission to make a real impact. Learn more at  diligent.com . Position Overview: The Senior Staff Application Security Engineer will be a member of the Security group and will work closely with Product and Software Engineering teams. The Application Security team at Diligent is primarily responsible with overseeing secure development, creating best practices and processes for the technology organization, and maintaining security tools and procedures. The ideal candidate will be a proven security leader with excellent engineering and communication skills. They have extensive experience collaborating with engineering partners.  They are a proven security subject matter expert that succeeds by enabling others to make the right security design decisions and risk mitigations. Key Responsibilities: Partner closely with the product and software engineering teams to improve Diligent Security Software Development Lifecycle Evangelize software security best practices Operationalize Design Reviews, SAST, DAST and other capabilities required to scale security reviews across the organization Drive program management activities required to establish effective delivery and execution of SSDLC activities Triage and validate internal and externally reported issues and recommend solutions that fit Diligent’s risk profile Perform application security code reviews and penetration testing Contribute to security policy, standards, and guidelines related to guide our product and technology teams Participate in design reviews and threat modelling Contribute to Diligent’s strategic direction and plan Research emerging technologies and maintain awareness of current security risks Required Experience/Skills: Validated experience in application security engineering or software development with a security focus Experience working with product and software development teams to drive remediations to threats and vulnerabilities for SaaS based commercial products A strong understanding of AWS services and security controls Experience with performing risk assessments to evaluate risk and provided appropriate recommendations on risk mitigations Excellent understanding of OWASP Top 10, Mitre ATT&CK, NIST, CVSS, and CWE criteria Expert experience with code analysis and/or penetration testing tools Experience with container technologies such as Docker, ECS, Kubernetes and container security What Diligent Offers You   Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients We care about our people.  Diligent offers a flexible work environment, global days of service, comprehensive health benefits, meeting free days, generous time off policy and wellness programs to name a few We have teams all over the world . We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, Singapore, and Sydney. Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding. Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.  Headquartered in New York, Diligent has offices in Washington D.C., Baltimore, London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney.    We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and Know Your Rights . We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at recruitment@diligent.com . To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.