The application security engineer provides expert technical guidance to product security champions in performing the daily, weekly, and monthly security activities as part of our Secure SCRUM process.
The application security engineer performs validation of security controls during design, development, testing, and deployment of systems that support AB InBev’s products and services.
In this role, you’ll have the potential to transform our business and your career.
We’re a meritocracy, with plenty of room for growth and development, so you know your hard work will be rewarded.
We encourage you to think big and go after your goals. You’ll get to be creative, work with international teams so you can build a global network, and have direct control over your career and where it takes you.
Qualifications
REQUIREMENTS:
Work with the global DevSecOps team responsible for our SAST, SCA, and DAST tools to configure an efficient technology-specific scanning profile, fine-tune rules to reduce the rate of false positives, and provide remediation assistance to application engineers.
Support product owners in creating security user stories and security acceptance criteria.
Assist product engineers in composing and executing attacker abuse cases.
Perform design reviews, threat modeling, and source code review, and drive remediation of the discovered vulnerabilities.
Support security assessments (penetration testing) on externally and internally facing applications.
Proactively perform hands-on security testing of applications and services to discover risk and track to resolution.
Understand, balance, and communicate business risk with security risk.
Perform research and maintain an extensive knowledge base of current security technology advancements, trends, and developments for retail industries.
Act to bring continuous improvement to DevSecOps processes and tools.
Qualifications:
People with leadership, stakeholder and communication management skills
Strong foundations in software engineering, software design and threat modeling
Curious, ambitious and resilient people who thrive in fast-moving environments
Open-minded individuals who are flexible and enjoy change
Strategic thinkers who are always on the lookout for ways to improve and grow
People as comfortable working in a team as they are on their own
English speakers (additional language is a plus)
Experience with Docker containers and Kubernetes
Experience with multiple languages such as Java, Kotlin, Swift, .NET, Node.js, and PHP, and an understanding of how to detect and remediate security issues such as those in the OWASP Top 10