Staff Application Security Engineer

• Lead Application Security Elements: Own the execution and technical oversight of application security components, ensuring robust security controls are integrated throughout the development process.
• Secrets Management Leadership: Lead and manage the enterprise secrets management program, defining technical standards and implementing solutions to protect sensitive credentials across all environments.
• Offensive Security Collaboration: Partner closely with the Offensive Security Engineer on complex projects to proactively identify, validate, and remediate deep seated application vulnerabilities.
• Incident Response & Forensic Support: Provide deep technical expertise and hands on assistance during security events or investigations, helping to identify root causes and mitigate impact.
• Vulnerability Management & Triage: Work directly with Engineering teams to triage, prioritize, and communicate vulnerability findings from multiple internal and external sources.
• Secure SDLC & Threat Modeling: Proactively engage with development teams early in the SDLC to conduct threat modeling exercises and provide expert consultation on secure architecture.
• Mentorship and Advocacy: Act as a security champion and trusted advisor, elevating security knowledge across the organization through training and the development of secure coding guidelines.

• Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience with 10+ years of professional experience.
• Application Security Expertise: 8+ years of hands on experience in application security, including secure code review, threat modeling, and managing AppSec tooling.
• Secrets Management Proficiency: Proven experience implementing and managing enterprise grade secrets management solutions at scale.
• Technical Remediation: Expert level knowledge of OWASP Top 10 and advanced vulnerability classes, with a demonstrated ability to architect and implement scalable remediation solutions.
• Scripting & Automation: Proficiency in languages such as Python, Go, or Bash to automate security workflows and build custom security tooling.
• Influence & Communication: Exceptional communication skills with the ability to influence technical and non technical stakeholders across multiple global offices.
• Mentorship: A proven history of mentoring senior level engineers and a passion for elevating the skills of those around you.

• Certifications: Professional certifications such as CSSLP, CASE, GWEB, or equivalent.
• Cloud Operations: Expertise in AWS or GCP security operations, specifically relating to serverless and containerized application security.
• DevSecOps: Experience in a Security Development Lifecycle (SDL) environment and a history of implementing DevSecOps principles.
• Community Engagement: Published security research, conference presentations, or active contributions to the open source security community.

Bazaarvoice provides equal employment opportunities (EEO) to all team members and applicants according to their experience, talent, and qualifications for the job without regard to race, color, national origin, religion, age, disability, sex (including pregnancy, gender stereotyping, and marital status), sexual orientation, gender identity, genetic information, military/veteran status, or any other category protected by federal, state, or local law in every location in which the company has facilities. Bazaarvoice believes that diversity and an inclusive company culture are key drivers of creativity, innovation and performance. Furthermore, a diverse workforce and the maintenance of an atmosphere that welcomes versatile perspectives will enhance our ability to fulfill our vision of creating the world's smartest network of consumers, brands, and retailers.

Please note: The successful candidate will be required to undergo a basic AccessNI check prior to starting.