Application Security Engineer

Stratio is the World’s Leading Real-time Predictive Fleet Maintenance Platform. The company's proprietary technology combines large-scale processing with the latest machine learning techniques to prevent hundreds of thousands of breakdowns from happening every day, thus saving millions of people from the hassle of public transportation delays, postponed deliveries, or late arrival of essential goods. Stratio’s platform enables zero downtime for 5 of the 10 largest transportation companies in the world and, in 2021, raised an investment of $12 million to boost leadership in predictive fleet maintenance. Fleet operators in Europe, North America, Asia-pacific, and Latin America trust Stratio’s technology to fully leverage the data under the hood to safeguard operations, and keep customers happy. Stratio’s technology has enabled transportation for 1.3 billion people so far.

As part of the Security team you will be responsible to make all our eco-system more secure by protecting system boundaries, keeping computer systems and network devices hardened against attacks and securing highly sensitive data. As an AppSec Engineer your task will mainly be:

Tasks:

• Performing security source code analysis;
• Investigate security vulnerabilities;
• Analysis of application architecture and technologies;
• Research and POC’s based on vectors of attack;
• Work closely with our DevOps team to implement Security gates in our CI/CD pipelines;
• Provide mitigation advice for security vulnerabilities;
• Assistance on Application Security Programs and Processes implementation;
• Be an evangelist to our Development teams, to help them raise security awareness;
• Define security gates and rules in terms of development.

Requirements:

• Coding experience in one or more general-purpose languages (e.g. .Net, Java, Ruby, Python);
• Experience testing web applications/services, identifying, and remediating OWASP top 10 security flaws, and understanding large complex systems quickly;
• Strong knowledge in basic HTTP/HTTPS protocol;
• Pro-active and sense of ownership;
• Good communication skills;
• Fluency in English.

Bonus Points:

• You have background in application security and/or static analysis (penetration testing / security code review / SCA tools);
• Experience with Infrastructure as Code (Terraform and / or Ansible preferred);
• Experience with common infrastructure cloud providers;
• Experience with malware detection and analysis;
• Experience with forensic analysis;
• Experience with SIEM tools;
• Strong understanding of cybersecurity standards and frameworks, e.g., ISO27001, NIST, CIS, OWASP, SANS;
• Certifications such as OSCP, CISM, CISSP, GSEC.

What we offer:

• Health Insurance;
• Fringe Benefits Policy;
• Flexible Work Hours - adjust your schedule to your needs;
• Work Setup - remote, hybrid, onsite - if your job can be done remotely, and you prefer to, you’re free to choose;
• Hardware and software for a full remote setup;
• Monthly All-Hands;
• Quarterly Events to discuss Strategy;
• Autonomy and Ownership Culture;
• Continuous feedback culture;
• Innovation Mindset;
• Career Acceleration.

Location:

• Remote / Hybrid / Lisbon / Coimbra

We want inspiring individuals in our teams, where age, race, gender, sexual orientation, politics and religion do not matter, and seek to create a tolerant and open space for everyone. We thrive to provide an inclusive and trustworthy environment.

You can find our Culture Manifesto and more team information here.

Take the road with us!