Diligent is the leading governance, risk and compliance (GRC) SaaS company, serving 1 million users from over 25,000 organizations around the world. Our software enables holistic and informed conversations about GRC and ESG to ensure CEOs, CFOs and the board have an integrated view of audit, risk, information security, ethics and compliance from across the organization.
The Application Security Engineer will be a member of the Security group and will work closely with Product Design, Software Development, and Production Operations. The Application Security team at Diligent is primarily responsible with overseeing secure development, creating best practices and processes for the technology organization, and maintaining security tools and procedures.
They will be providing implementation on security best practices on architectural design, pulbic cloud security (Amazon Web Services), account security (2FA and Identity Management), anti-tamper technologies, secret management, and continuous integration/continuous deployment.
The ideal candidate will come from a development, security engineer, or DevOps background with a strong passion and interest in security. This person should be self-motivated, enjoy security work, and thrive working in a global, dynamic, growing company environment.
Own vulnerability management and mitigation approaches with product teams
Perform threat modeling, secure feature and architecture assessments, security-critical code reviews, and application security testing
Document security feature implementations
Contribute to security policy, standards, and guidelines related to application security
Research emerging technologies and maintain awareness of current security risks
Define, implement, and monitor security measures in Diligent Core products
3+ years of experience in Application Security or Application Development
Knowledge of security concepts for Internet technologies, architectures, and protocols
Excellent understanding of OWASP Top Ten and CWE/SANS Top 25 vulnerabilities and mitigations
Experience with threat modeling
Experience with code analysis and/or penetration testing tools
Understanding of CI/CD pipelines
Experience with container technologies
Experience with automation
Understanding of security standards (e.g. NIST) and compliance needs (e.g. SOC2)
What Diligent Offers You
Diligent created the modern governance movement. Our world-changing idea is to empower leaders with the technology, insights and connections they need to drive greater impact and accountability – to lead with purpose. Our employees are passionate, smart, and creative people who not only want to help build the software company of the future, but who want to make the world a more sustainable, equitable and better place.
Headquartered in New York, Diligent has offices in Washington D.C., London, Galway, Budapest, Vancouver, Bengaluru, Munich, and Sydney.
We are a drug free workplace. Diligent is proud to be an equal opportunity employer. We do not discriminate based on race, color, religious creed, sex, national origin, ancestry, citizenship status, pregnancy, childbirth, physical disability, mental disability, age, military status, protected veteran status, marital status, registered domestic partner or civil union status, gender (including sex stereotyping and gender identity or expression), medical condition (including, but not limited to, cancer related or HIV/AIDS related), genetic information, or sexual orientation in accordance with applicable federal, state and local laws. We also consider qualified applicants regardless of criminal histories, consistent with legal requirements. See also Diligent's EEO Policy and EEO is the Law. We are committed to providing reasonable accommodations for qualified individuals with disabilities and disabled veterans in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at [email protected].
To all recruitment agencies: Diligent does not accept unsolicited agency resumes. Please do not forward resumes to our jobs alias, Diligent employees or any other organization location. Diligent is not responsible for any fees related to unsolicited resumes.