Application Security Engineer - US Remote

Degreed is the upskilling platform that connects learning to opportunities. We integrate everything people use to learn and build their careers—skill insights, LMSs, courses, videos, articles, and projects—and match everyone to growth opportunities that fit their unique skills, roles, and goals. We are looking for an experienced Application Security Engineer who would relish the challenge of influencing and guiding our Engineering organization on our journey to web application, APIs, and mobile application security excellence. This role will be based remotely anywhere in the United States or Australia. Day In The Life • Own the security components of the Degreed platform, i.e. the authentication/authorization service, SSO, encryption, secrets management, etc. • Contribute to the review and triage and resolution of security defects. • Conduct risk evaluation and threat modeling for Degreed product features. • Educate and build a culture of security primarily across the Product Engineering teams and also the entire Degreed organization. • Define guidelines and standards for secure development, as part of a broader Degreed security knowledge base. • Work closely with and provide guidance to the Product Engineering and SDET teams to define security requirements and automated security testing for all new features. • Collaborate with the DevOps team to automate security scanning and testing and integrate automated security scanning into the build and deployment pipeline. • Work with the Infrastructure and DevOps teams to ensure that the platform environments are secured in a manner that is repeatable and scalable. • Detect and respond to security incidents. • You will learn, grow professionally, contribute to an amazing team, and play a key role in building a DevSecOps culture that will allow Degreed to grow from a technology scale up to a world leading product company. • Other duties as assigned. Who You Are • You are an experienced Software Engineer with 3+ years experience and deep knowledge in modern languages and frameworks used to build API-based web applications i.e. C#, ASP.NET, JavaScript, TypeScript, Angular, Node etc. • Commercial experience and strong focus on the security of web applications, APIs and mobile applications. • Experience with OWASP, static/dynamic analysis, and common exploit tools and methods. • Experience with SSO using SAML, OAuth, and OpenId Connect. • Familiarity with cloud security controls and best practices. • Possess strong communication, collaboration, and documentation skills. • Solution driven with ability to understand the big picture. • You are a lifelong learner and passionate about learning new things and taking on new challenges. • Highly organized, detail oriented, and able to work autonomously with minimal direction. • Experienced working remotely including proficiency to communicate over a text-based medium (Slack, GitHub Issues, Email) and can succinctly document technical details. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. See Degreed Jobs for more details on Degreed and why you should come work with us! #LI-Remote Apply tot his job