Careers - Sri Lanka
Security Engineer (Application Security) - Security & Compliance Team
The Security & Compliance Team at WSO2 works towards continuously improving the security posture of our products, services, and infrastructure, and to promote a security culture within the organization.
We have a vacancy for an Application Security Engineer who can help the WSO2 engineering teams to secure our products, services, and internally-used web and mobile applications. Software engineers who are passionate about security and willing to switch their careers are also encouraged to apply.
- Build processes to ensure a security-focused SDLC, and ultimately, vulnerability free applications.
- Attending in design and code reviews of engineering teams to provide the security insight and thereby ensure early identification of vulnerabilities.
- Conduct research on new technologies and methodologies related to application security and the latest vulnerabilities and attacks.
- Evangelize the security knowledge across the engineering teams by preparing best practices guidelines and training them.
- Provide guidance and assistance to engineering teams to handle security incidents and other security-related tasks.
- Participate in security-related conferences like OWASP AppSec and BlackHat and present our research and development work to the wider security community.
- Work with external security researchers on the responsible disclosure of vulnerabilities.
- Automate security processes to increase the efficiency of the SDLC.
- Knowledgeable in computer security principles and practices, and willingness to continuously learn, apply, and share.
- Passionate about the application security domain and building a career in it.
- Ability to effectively communicate security aspects to technical and non-technical personnel.
- Professional software engineering experience in a popular programming language such as Java or Python is preferred.
- A bachelor's or master's degree in Computer Science, Software Engineering or Cybersecurity is preferred.
- Experience in formal penetration testing is an added advantage.
- Renowned security certifications such as OSCP and CISSP are an added advantage.
WSO2 was founded in 2005. Our open source, API-first, and decentralized approach helps developers and architects to be more productive and rapidly build digital products to meet demand. Customers choose us for our broad, integrated platform, approach to open source, and digital transformation methodology. The company’s hybrid platform for developing, reusing, running, and managing integrations prevents lock-in through open source software that runs on-premises or in the cloud.
WSO2 employs over 650 engineers, consultants, and professionals worldwide and has offices in the US, the UK, Australia, Brazil, Germany, and Sri Lanka. Today, hundreds of leading brands and thousands of global projects execute over 6 trillion transactions annually using WSO2 integration technologies.