Application Security Engineer

About Us

Diligent is the leading governance, risk and compliance (GRC) SaaS company, serving 1 million users from over 25,000 organizations around the world. Our software enables holistic and informed conversations about GRC and ESG to ensure CEOs, CFOs and the board have an integrated view of audit, risk, information security, ethics and compliance from across the organization.

Position Overview

The Application Security Engineer will be a member of the Security group and will work closely with Product Design, Software Development, and Production Operations. The Application Security team at Diligent is primarily responsible with overseeing secure development, creating best practices and processes for the technology organization, and maintaining security tools and procedures.

They will be providing implementation on security best practices on architectural design, pulbic cloud security (Amazon Web Services), account security (2FA and Identity Management), anti-tamper technologies, secret management, and continuous integration/continuous deployment.

The ideal candidate will come from a development, security engineer, or DevOps background with a strong passion and interest in security. This person should be self-motivated, enjoy security work, and thrive working in a global, dynamic, growing company environment.

Key Responsibilities

    Own vulnerability management and mitigation approaches with product teams

    Perform threat modeling, secure feature and architecture assessments, security-critical code reviews, and application security testing

    Document security feature implementations

    Contribute to security policy, standards, and guidelines related to application security

    Research emerging technologies and maintain awareness of current security risks

    Define, implement, and monitor security measures in Diligent Core products

Experience/Skills:

    3+ years of experience in Application Security or Application Development

    Knowledge of security concepts for Internet technologies, architectures, and protocols

    Excellent understanding of OWASP Top Ten and CWE/SANS Top 25 vulnerabilities and mitigations

    Experience with threat modeling

    Experience with code analysis and/or penetration testing tools

    Understanding of CI/CD pipelines

    Experience with container technologies

    Experience with automation

    Understanding of security standards (e.g. NIST) and compliance needs (e.g. SOC2)

What Diligent Offers You 

• Creativity is ingrained in our culture. We are innovative collaborators by nature. We thrive in exploring how things can be differently both in our internal processes and to help our clients
• We care about our people. Diligent offers a flexible work environment, competitive vacation policy and meeting-free days across the company. We care about our team’s health and wellness and even offer a quarterly health club reimbursement!
• We have teams all over the world. We may be headquartered in New York City, but we have office hubs in Washington D.C., Vancouver, London, Galway, Budapest, Munich, Bengaluru, and Sydney.
• Diversity is important to us. Growing, maintaining and promoting a diverse team is a top priority for us. We foster and encourage diversity through our Employee Resource Groups and provide access to resources and education to support the education of our team, facilitate dialogue, and foster understanding.

Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place. 

Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney. 

We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and EEO is the Law. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at [email protected].

To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.