Sr. Engineer, Application Security
Company: Woven Planet Holdings
Location: Palo Alto
Posted on: June 22, 2022
ABOUT WOVEN PLANET GROUP
Woven Planet Group (Woven Planet)
represents a carefully curated blend of expertise and resources
dedicated to bringing the vision of "Mobility to Love, Safety to
Live" to life. Through innovations and investments in automated
driving, robotics, smart cities, and more, we are transforming how
humankind lives, works, and moves. We exist to design, build, and
deliver secure, connected, and sustainable mobility solutions that
benefit all people worldwide. Founded in 2018 as Toyota Research
Institute - Advanced Development (TRI-AD), Woven Planet is composed
of four complementary companies: Woven Planet Holdings, Woven Core,
Woven Alpha, and Woven Capital.
Visit us to learn more: https://www.woven-planet.global/
OUR TEAM
The security team at Woven
Planet is on the cutting edge of many challenging security
problems. We identify emerging security threats in autonomous
vehicles and help design more secure systems. We work closely with
internal platform teams to provide a secure development environment
through tooling and automation, allowing developers to innovate
quickly without compromising security.
WHO ARE WE LOOKING FOR?
We are
looking for an expert Application Security Engineer with a strong
background in secure software development to ensure that our
software systems are designed and implemented to the highest
standards. The scope of the role is broad; you will participate in
the secure design of new services and products, vulnerability
analysis of applications, work with developers to resolve security
issues, and build tools for security automation. You will also help
improve our application security program by developing technical
standards and processes which allow developers to write secure
software.
The successful candidate will have a good mix of deep
technical knowledge and a demonstrated background in information
security. We value broad and deep technical knowledge, specifically
in the fields of application security for cloud systems, operating
systems, cryptography, web applications, and embedded systems.
This
role will have remote flexibility for those based in the PST
- Partner with development and operations on designing and
building secure applications for critical Woven Planet systems.
When gaps are identified, drive issues to resolution by providing
in-depth advisories, building tools, or contributing code as
- Perform threat modeling and application security assessments
for projects across the organizations.
- Improve the application security program by enhancing technical
standards and guidelines to foster secure development
- Improve the accessibility and enforceability of security
through automation, CI/CD pipelines, and other means.
- Perform static/dynamic security testing for applications
developed by Woven Planet to identify vulnerabilities and security
- Manage the lifecycle of vulnerabilities, from identification to
remediation and reporting.
- Mentor software engineers and provide training on security best
- Communicate effectively at multiple levels of sensitivity and to
multiple audiences.
MINIMUM QUALIFICATIONS
- 5+ years of relevant, broad engineering experience in
information security or software development.
- 3+ years of experience on an Application Security team,
especially in providing security requirements, conducting risk
assessment, threat modeling, and security code review.
- Good understanding of software, computer, network
architectures, and practical cryptography usage.
- Hands-on experience with software development in one or more
general-purpose development languages such as Python, Ruby, Go,
- Understanding of at least one Security Development
methodology (e.g. Microsoft SDL, OWASP OpenSAMM, BSIMM,
- In-depth knowledge of secure coding principles and common
application security vulnerabilities, such as OWASP Top 10 and CWE
- Well-versed in large-scale application design, application
security testing, and risk management.
- Ability to effectively present and communicate security threats
and risks to any audience and impress upon them the mitigation
techniques and strategies.
PREFERRED QUALIFICATIONS
- Good knowledge of security features and mechanisms provided by
AWS or GCP. AWS Certified Security or GCP Professional Cloud
Security Engineer is a plus.
- Deep knowledge of authentication protocols and frameworks,
including OAuth, OpenID, SSO/SAML, and AWS IAM.
- Experience implementing DevSecOps pipelines and converting
manual processes into automated processes.
- Success in implementing effective Secure SDLC frameworks across
a large corporation.
- Experience in managing application security testing tools like
SAST, DAST, and Open Source Vulnerability Scanning.
- Good understanding of the following technologies and concepts:
Microservice Architecture, Docker, Infrastructure as Code, CI/CD
- Familiarity with security and privacy frameworks and
regulations (e.g. SOC, PCI-DSS, ISO, GDPR, CCPA)