Application Security Engineer (WAF)
Bullhorn is looking for an Application Security Engineer (WAF) to join our IT team.
Bullhorn is the leading global software provider for the staffing and recruitment industry. More than 10,000 companies rely on Bullhorn’s cloud-based platform to power their staffing processes from start to finish. Through our incredible products and services, we create raving fan customers, resulting in company growth that consistently offers new opportunities for our talent to advance their careers. 25% of our global workforce gets promoted or moves into a new role every year, expanding their skills and working with new people. Bullhorn is large enough to provide these exciting opportunities but small enough to maintain the energy of a startup, and we’re consistently ranked as a great place to work for our strong culture and rewarding career opportunities.
Our commitment to our employees: Every Bullhorn employee has a sense of belonging, a voice that is heard, and a clear path to success. Bullhorn offers unlimited planned vacation, great opportunities for career development, quarterly paid volunteer days through its philanthropic group Bullhorn Cares, and an open invitation to Bullhorn Allies groups, which celebrate and cultivate diversity and inclusion for all employees.
Our in-office employees enjoy a casual, collaborative environment with weekly catered-in lunch and breakfast, and quarterly social events. While working from the comfort of their own homes, our remote employees are provided a full equipment package with all the tools they need to perform their role. We use Zoom, Slack, and other tools to stay connected while we are remote.
Why this job is important:
As an Application Security Engineer at Bullhorn, you will lead the Application Security Program on the Information Security team. You will work hand-in-hand with developers to implement and mature security tools, advise on best practices, and promote security initiatives. A successful candidate for this position will have excellent communication skills, a strong understanding of application security and risk, and the ability to lead cross-functional teams.
The person in this role will provide technical leadership in the architecture and implementation of application security. He or she will help Bullhorn proactively address security in application development with design recommendations, tool implementation, and risk assessments. The person in this role will empower developers to perform security checks on their applications using Shift Left principles.
A typical day might include:
Implementing Web Application Firewalls for new applications
Tuning existing WAF deployments to increase protections
Interpreting the results of penetration tests and security scans to provide risk-based recommendations for remediation
Recommending best practices for security in application design and development
Consulting with development teams on security readiness for deployment
Coordinating penetration tests for SaaS applications
This role may be a fit for you if you have:
3+ years of application security experience, preferably working with SaaS applications
Experience managing a WAF for a production web application
Experience with application security penetration testing and performing baseline static/dynamic application security assessments (SAST/DAST) on new applications and changes to applications
Knowledge of a variety of software languages such as Java, .NET, Python, PHP
Experience in enterprise application development and design, including REST APIs, database, messaging, and search technologies
Familiarity with the Software Development Lifecycle (SDLC) and associated tools (Git, Jenkins, Jira)
A deep understanding of common application vulnerabilities, including OWASP Top 10
Experience writing enterprise security standards, policies and coding guidelines
Bonus points for:
Experience with Akamai Kona and/or Imperva (Incapsula) Cloud WAF
Experience securing Docker, Kubernetes, or other containerization technology
Knowledge of third-party library security tools like Black Duck, Veracode SCA, or other software composition analysis technology
OSCP, GWAPT, GPEN, GXPN, CEH or other security certifications
Strong culture makes Bullhorn a great place to work! Our offices offer a casual, collaborative environment with weekly catered-in lunch and breakfast, and “First Thursday” social events. Bullhorn offers unlimited vacation, quarterly paid volunteer days through its philanthropic group Bullhorn Cares, and an open invitation to Bullhorn Allies groups, which celebrate and cultivate diversity and inclusion for all employees.
Bullhorn is committed to our core values and we are looking for people who exhibit these traits:
Service – You go beneath the surface to solve problems.
Energy – You build up your teammates and leave people positively charged.
Ownership – You take action and own up to your mistakes.
Speed & Agility – You go around obstacles and demonstrate urgency.
Being Human – You consider other people’s perspectives, laugh, and have fun.