Kaseya® is the leading provider of complete IT infrastructure and security management solutions for Managed Service Providers (MSPs) and internal IT organizations worldwide, powered by AI. Kaseya’s best-in-breed technologies allow organizations to efficiently manage and secure IT to drive sustained business success. Kaseya has achieved sustained, strong double-digit growth over the past several years and is backed by Insight Venture Partners (www.insightpartners.com), a leading global private equity firm investing in high-growth technology and software companies that drive transformative change in the industries they serve.
Founded in 2000, Kaseya currently serves customers in over 20 countries across a wide variety of industries and manages over 15 million endpoints worldwide. To learn more about our company and our award-winning solutions, go to www.Kaseya.com; for more information on Kaseya’s culture, see Kaseya Culture.
Kaseya is not your typical company. We are not afraid to tell you exactly who we are and our expectations. We have achieved record levels of success being BOLD, being GRITTY, being ACCOUNTABLE. The thousands of people that succeed at Kaseya are prepared to go above and beyond for the betterment of our customers, and the betterment of their careers and long-term financial wealth.
Position Overview
As an Application Security Engineer, you will play a key role in ensuring that Kaseya's applications are secure by proactively identifying and mitigating security vulnerabilities within the code. Your primary focus will be to embed security into the development lifecycle, ensuring applications are built with security at their core.
You will work closely with development teams to review code, implement security best practices, and identify vulnerabilities at all stages of development. You will be responsible for assessing code, executing security testing, and helping to embed secure coding practices across development processes.
Primary Responsibilities
Perform Security Assessments and Code Reviews: Conduct thorough security assessments, focusing on identifying and mitigating vulnerabilities in application code. Perform secure code reviews to ensure that applications are secure by design.
Implement Security Best Practices: Develop, implement, and enforce security guidelines for developers to follow. Ensure that secure coding practices are followed throughout the software development lifecycle (SDLC).
Vulnerability Remediation: Work with development teams to address and resolve identified security vulnerabilities, ensuring they are fixed efficiently and properly tested.
Security Testing Integration: Integrate security testing tools (e.g., Static Application Security Testing - SAST, Dynamic Application Security Testing - DAST) into the development pipeline to identify vulnerabilities early in the development process.
Threat Modeling: Work with developers to perform threat modeling, identifying potential security risks in the architecture and design of applications.
Continuous Improvement: Continuously research and apply new security techniques, tools, and methodologies to enhance the organization's application security posture.
Collaboration with Development Teams: Collaborate directly with development teams to ensure that security is integrated into every phase of application development, from design to deployment.
Skills & Qualifications
Required
Proficiency in Secure Coding Practices: Solid understanding of secure coding standards and best practices in languages such as Java, Python, C#, or JavaScript.
Experience with Vulnerability Assessment Tools: Familiarity with security tools such as SAST, DAST, and IAST (Interactive Application Security Testing), and experience with scanning and interpreting results to fix vulnerabilities.
Deep Knowledge of Web and Application Security: Strong understanding of common web application vulnerabilities (OWASP Top 10), such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Experience with Threat Modeling: Knowledge of threat modeling frameworks and methodologies to identify potential security risks and mitigate them during development.
Proven Problem-Solving Skills: Ability to identify security flaws within application code and effectively collaborate with developers to resolve them.
Strong Communication Skills: Ability to clearly document security issues, report findings, and communicate with both technical and non-technical stakeholders.
Preferred
Familiarity with Security Frameworks and Libraries: Experience working with security libraries and frameworks (e.g., Spring Security, OWASP Dependency-Check, etc.) to enhance application security.
Understanding of Security Automation: Experience in automating security testing within the CI/CD pipeline to ensure continuous security verification during development.
Cloud Security Knowledge: Experience securing cloud-native applications and familiarity with cloud security platforms (e.g., AWS, Azure, Google Cloud).
Education & Certifications
Minimum
Bachelor’s degree in Computer Science, Cybersecurity, or a related field.
At least one expert-level security certification, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), or Certified Secure Software Lifecycle Professional (CSSLP).
Preferred
Additional certifications or coursework in application security or advanced threat modeling would be a plus.
Experience
Minimum
2+ years of experience in an application security engineering role, focusing on secure coding, vulnerability assessment, and secure development practices.
5+ years of experience in IT, with significant hands-on experience in software development and application security.
Preferred
10+ years of experience in IT, with an extensive focus on application security.
Experience with DevSecOps practices and embedding security within Agile and DevOps environments.
Join the Kaseya growth rocket ship and see how we are #ChangingLives!
Additional information
Kaseya provides equal employment opportunity to all employees and applicants without regard to race, religion, age, ancestry, gender, sex, sexual orientation, national origin, citizenship status, physical or mental disability, veteran status, marital status, or any other characteristic protected by applicable law.