Staff Application Security Engineer

Bazaarvoice · Belfast

 
At Bazaarvoice, we create smart shopping experiences. Through our expansive global network, product-passionate community & enterprise technology, we connect thousands of brands and retailers with billions of consumers. Our solutions enable brands to connect with consumers and collect valuable user-generated content, at an unprecedented scale. This content achieves global reach by leveraging our extensive and ever-expanding retail, social & search syndication network. And we make it easy for brands & retailers to gain valuable business insights from real-time consumer feedback with intuitive tools and dashboards. The result is smarter shopping: loyal customers, increased sales, and improved products.
 
The problem we are trying to solve: Brands and retailers struggle to make real connections with consumers. It's a challenge to deliver trustworthy and inspiring content in the moments that matter most during the discovery and purchase cycle. The result? Time and money spent on content that doesn't attract new consumers, convert them, or earn their long-term loyalty.
 
Our brand promise: closing the gap between brands and consumers.
 
Founded in 2005, Bazaarvoice is headquartered in Austin, Texas with offices in North America, Europe, Asia and Australia.
 
It’s official: Bazaarvoice is a Great Place to Work in the US, Australia, India, Lithuania, France, Germany and the UK!

We are seeking a Staff Application Security Engineer to serve as a high-level technical leader and subject matter expert for our application security program. In this role, you will bridge the gap between security and engineering, driving the adoption of secure-by-default architectures and robust secrets management practices.
 
As a technical expert, you are expected to bring proposals, solutions, and innovation to our security program. You will carry significant influence across all of our engineering offices, tackling the most complex software security challenges while collaborating closely with Offensive Security to validate and remediate systemic risks. At Staff Level, you will operate with a high degree of autonomy, providing critical technical expertise during investigations and mentoring engineers to foster a culture of security-first development.
 

What You'll be Doing:

  • Lead Application Security Elements: Own the execution and technical oversight of application security components, ensuring robust security controls are integrated throughout the development process.
  • Secrets Management Leadership: Lead and manage the enterprise secrets management program, defining technical standards and implementing solutions to protect sensitive credentials across all environments.
  • Offensive Security Collaboration: Partner closely with the Offensive Security Engineer on complex projects to proactively identify, validate, and remediate deep-seated application vulnerabilities.
  • Incident Response & Forensic Support: Provide deep technical expertise and hands-on assistance during security events or investigations, helping to identify root causes and mitigate impact.
  • Vulnerability Management & Triage: Work directly with Engineering teams to triage, prioritize, and communicate vulnerability findings from multiple internal and external sources.
  • Secure SDLC & Threat Modeling: Proactively engage with development teams early in the SDLC to conduct threat modeling exercises and provide expert consultation on secure architecture.
  • Mentorship and Advocacy: Act as a security champion and trusted advisor, elevating security knowledge across the organization through training and the development of secure coding guidelines.

Required Skills & Experience:

  • Education & Experience: Bachelor's degree in Computer Science, Information Security, or a related field, or equivalent practical experience with 10+ years of professional experience.
  • Application Security Expertise: 8+ years of hands-on experience in application security, including secure code review, threat modeling, and managing AppSec tooling.
  • Secrets Management Proficiency: Proven experience implementing and managing enterprise-grade secrets management solutions at scale.
  • Technical Remediation: Expert-level knowledge of OWASP Top 10 and advanced vulnerability classes, with a demonstrated ability to architect and implement scalable remediation solutions.
  • Scripting & Automation: Proficiency in languages such as Python, Go, or Bash to automate security workflows and build custom security tooling.
  • Influence & Communication: Exceptional communication skills with the ability to influence technical and non-technical stakeholders across multiple global offices.
  • Mentorship: A proven history of mentoring senior-level engineers and a passion for elevating the skills of those around you.

Desirable Skills & Experience:

  • Certifications: Professional certifications such as CSSLP, CASE, GWEB, or equivalent.
  • Cloud Operations: Expertise in AWS or GCP security operations, specifically relating to serverless and containerized application security.
  • DevSecOps: Experience in a Security Development Lifecycle (SDL) environment and a history of implementing DevSecOps principles.
  • Community Engagement: Published security research, conference presentations, or active contributions to the open-source security community.

Security pay context

Based on 1,632 disclosed Security salaries on RoleSuite, the role pays a median of $142K/year, with most offers between $114K and $179K (10th–90th percentile: $93K–$215K).
