Senior Application Security Engineer

AppNexus - New York, NY

AppNexus is hiring an experienced Senior Application Security Engineer to join our Technical Operations Team.

As a Senior Application Security Engineer, you will have a strong demonstrated background in hands-on development and deployment of novel security solutions at scale. AppNexus is a web-scale organization, with physical data centers in six locations.

  • You will collaborate with the Director of Cybersecurity and the Cybersecurity Architect to establish and deliver on key strategies, programs, and technical solutions across the operational infrastructure within AppNexus.
  • You will have experience integrating multiple security tools and products into existing build pipelines. The ability to quickly locate and understand the impact of a vulnerability is valued.
  • You will be a key part of developing and implementing systems to perform early vulnerability detection and attack surface mitigation. Understanding vulnerability analysis, threat-modeling, and being able to perform targeted penetration testing against internal systems will be key to being successful in this position.
  • You will drive implementation, deployment, adoption and refinement of technologies needed to support cybersecurity objectives including authentication, authorization, accounting (AAA), single sign-on (SSO), multi-factor authentication, role-based access controls (RBACs), firewalls, Intrusion Detection Systems/Intrusion Prevention Systems (IDS/IPS) and other technologies as needed.
  • In this role, you will work closely with numerous organizations across the company at various levels including Legal, Finance, Network Engineering & Operations, System Operations, and Engineering as well as outside parties including service providers, consultants and auditors. This operations-focused role is integral to the ongoing security and continuity of the AppNexus infrastructure.
About the team:
The Technical Operations team is distributed across the globe and handles a wide variety of responsibilities, from providing tech support to architecting long-range build-out and day-to-day operations at our six global data centers. We have well over 7,000 servers, which process over a million ad serving requests per second (billions per day). We are an all Linux shop (all production operations run on Linux), with mostly Mac laptops. We’re in search of troubleshooters and those who love to tinker and innovate with technology.

About the job:
  • Use vulnerability detection and management tools to find attack surface in products and services
  • Oversee the implementation of Secure Development Lifecycle (SDL) processes across development teams
  • Be up-to-date on current vulnerabilities being exploited
  • Use SIEM tools to correlate events and data from an incident across multiple systems
  • Develop a framework and establish a system for controls and levels of access
  • Drive development and implementation of policy, processes, and procedures in support of Cybersecurity, GRC and DR/BC
  • Coordinate internal and external audits
  • Oversee Production Operations incident response planning and security breach investigations
  • Manage the entire process of security testing and auditing, including selecting vendors, testing, analyzing results and remediation planning
  • Identify risks and propose strategies to mitigate them before a crisis develops
  • Consider and address regulatory compliance proactively and organically as part of workflows and processes
  • Generate detailed analytical threat reports
About your skills:
  • BA/BS/MIS degree or 5+ years of relevant IT experience (degree in Computer Science or related field preferred).
  • 5+ years of hands-on experience in Unix/Linux system administration
  • Proven ability to identify, understand, and exploit OWASP top 10 vulnerabilities in code.
  • 2+ years of software development experience with Java, C/C++, Python or Ruby and a deep understanding of how development teams operate and how to interact with them.
  • Ability to understand the results of penetration test reports at a technical level and guide the teams that own the vulnerabilities through remediation
  • Knowledge of IDS/IPS and vulnerability management solutions
  • Versed in current security threats and vulnerabilities
  • Knowledge of authentication, authorization, and access control methods, as well as the SANS and COBIT frameworks
  • Excellent troubleshooting skills
  • Strong commitment to deliver high quality service to both internal and external customers
  • Certifications such as Security+, CISSP, CEH, OSCP, GPEN, or similar are a plus but not required.
More about you:
  • You are passionate about a culture of learning and teaching. You love challenging yourself to constantly improve, and sharing your knowledge to empower others
  • You like to take risks when looking for novel solutions to complex problems. If faced with roadblocks, you continue to reach higher to make greatness happen
  • You care about solving big, systemic problems. You look beyond the surface to understand root causes so that you can build long-term solutions for the whole ecosystem
  • You believe in not only serving customers, but also empowering them by providing knowledge and tools
AppNexus is proud to offer equal opportunity in all aspects of employment. We strive to foster a diverse, inclusive and engaging work environment. We welcome applications from all candidates and look forward to receiving yours!

Our diversity in action:
  • Partnering with Path Forward to offer returnships to help caregivers reenter the workforce
  • Sharing feedback openly through roundtable discussions on how to make progress on our Diversity & Inclusion goals
  • Galvanizing diversity and inclusion through our affinity groups (including OutNexus, AppNexus Women’s Network, AppNexus Latino Alliance and BlackNexus to name just a few!)
  • Partnering with Fairygodboss to support our commitment to women’s advancement in tech