Application Security Analyst
Description:
Established in 2004, we are a tech pioneer offering world-class adult entertainment and games on some of the internet’s safest and most popular platforms. With the support of an international team of dynamic and collaborative innovators, we are on a mission to enable safe user experiences and empower our communities by celebrating diversity, inclusion, and expression — all while maintaining robust trust-and-safety protocols.
We embrace the best of both worlds! Local talent can thrive in our collaborative office space with the flexibility of a hybrid work environment, while remote team members play an integral role in shaping our dynamic culture from afar. We have offices in Montreal (Quebec), Austin (Texas) and Nicosia (Cyprus).
*A select number of positions require full-time in office attendance*
As an Application Security Analyst II at Aylo, you will fulfill a critical role in protecting and strengthening the organization’s security posture while safeguarding data and applications from security threats. You will work closely with Engineering, Product and DevOps teams to implement the SSLDC, establish general security best practices and to ensure the continuation of business operations.
What you'll be doing:
Validate internal, external and crowd-sourced application security findings and articulate them to engineering teams
Work in tandem with developers to share knowledge and implement security best practices
Create and leverage code and tool application solutions to address security and issues
Identify gaps in the organization's security posture especially from an application perspective
Participate in and serve as a subject matter expert for core operations such as vulnerability management and Bug Bounty.
Create and maintain extensive technical documentation, standards and policies related to tooling, processes and procedures
Assist and suggest projects, tools and technologies that are useful to engineering and the AppSec team
Promote and educate other teams on integration of the SSDLC
Assisting junior analysts with work task implementation and technical troubleshooting
Conduct threat modeling and hunting assessments
Provide best practices and remediation for GCP/AWS cloud configurations (Terraform & k8s)
Carry out regular feature and full application software audits on Web, API, Mobile, Cloud and Thick Client infrastructure
Stay up to date with the latest trends and threats in the Information Security space as well as compliance frameworks such as (PCI-DSS, NIST CSF)
What you'll need to be successful:
Must Haves:
University and or College Degree in Information Security, Computer Science or a related field of study
3+ years’ experience in a similar role
2 years' experience in penetration testing
Knowledge in programming languages such as (PHP, Java, Python, Golang)
Nice to haves:
Experience with tools such as SonarQube, Trufflehog, Tenable, SBOMs, BurpSuite and other open-source tools (static code scanners) an asset
Active Bug Bounty profile
Security centric certifications such as OSCP, OSWE, AWS GCP, eJPT nd Burp Suite Certified Practitioner
As an equal opportunity employer, we celebrate diversity and are committed to creating an inclusive environment for all employees
In this role you may be exposed to adult content