Senior Application Security Engineer
Building services that enable others
Springer Nature is one of the world’s leading global research, educational and professional publishers. It is home to an array of respected and trusted brands and imprints, with more than 170 years of combined history behind them, providing quality content through a range of innovative products and services. Every day, around the globe, our imprints, books, journals and resources reach millions of people, helping researchers and scientists to discover, students to learn and professionals to achieve their goals and ambitions. The company has around 10,000 staff in over 50 countries.
We’re looking for an experienced Application Security Engineer to make AppSec capabilities an integral and frictionless part of our platforms.
About us: Engineering Enablement
The Engineering Enablement (EE) department consists of around 60 people, spread over teams that closely collaborate to fulfil our mission. In Springer Nature Technology (SNT) we serve different core expertise: PaaS, Databases, Observability and Cloud- and Release Engineering. You will join a multidisciplinary team with different nationalities, backgrounds and experience levels. We are a very distributed department but sometimes we travel to work with each other in person. We are based around the globe with main locations in London, Dordrecht, Berlin, Lisbon and New York.
Our Technology
We have built platforms serving hundreds of developers at scale around the world. We are making more and more use of Kubernetes as a backend container platform and integrating this into our platform offering. We are leveraging the power of Kubernetes to build a new PaaS that will co-exist with the current Cloud Foundry Platform, as well as managing an internal database platform that runs over 1,200 database servers.
Your team
This role is within the Engineering Enablement department (EE), whose mission is to enable frictionless product development by providing managed platforms.
You will work together with the EE security architect and 2 other security engineers to establish streamlined application security capabilities within these platforms. This is a new community of security experts within the department that needs building up and shaping together. You will work together with the central security transformation and security operations teams to ensure the company-wide initiatives are represented in and consulted by EE.
As with all teams in EE, we closely collaborate with the departmental teams that provide the platform’s surrounding and centralised services and also with all the product development teams within Springer Nature.
Your responsibility
Our internal users run around 4000 applications within our platform, deploying them through our CI/CD systems many times a day. Together with your team, your responsibility is to make sure that the needed security measures are a frictionless and trusted part of those processes.
The company-wide security maturity program aims to build up a global application-, data- and infrastructure security strategy - your responsibility is to help inform that strategy and ensure EE fulfils its part of that. As EE sits within a larger organisation, you and your team members make sure we establish a culture of shared responsibility and accountability within the teams building on top of our platforms.
You will contribute to the evolution of our application security measures through leveraging IaC, maximising customer self-service and living the continuous integration mindset. You help to improve and optimise our existing security landscape and consult our internal customers on improving their application security stance.
Key Tasks:
- Maintaining and improving the AppSec capabilities of our platform
- Running and integrating AppSec tooling into the continuous integration processes of development teams
- Supporting the creation of company-wide structures and initiatives that drive improvements in application security
- Driving a “Shift-left” approach to application security accountability and responsibility with a focus on enabling development teams
- Working closely with other security focused teams in the company, shaping our overall security strategy
- Consulting teams on best practices related to application security
- Selecting and potentially facilitating application security training
- Working with the team to document policies, processes, procedures, and technical designs related to application security
- Monitoring our overall security stance and using that data to improve our application security capabilities
You will have the opportunity to work on new challenges and drive the evolution of our services in a collaborative and supportive environment.
About you
You are a friendly team member who is modest and humble, open to learning from anyone regardless of age, gender, race, role or experience. You value social interactions and can self-reflect by asking questions. You have a strong preference for working together, sharing knowledge and training others.
Desired Skills and Experience:
- High sensitivity for security-relevant issues
- Experience with Infrastructure as Code, for automation and configuration management
- Programming experience with Golang or at least one modern language
- Experience in operating and maintaining cloud infrastructure
- Knowledge of secure coding practices and patterns
- Understanding of SDLC (Software Development Life Cycle)
- Experience with cloud platforms, ideally GCP
Preferred Skills and Experience:
- Experience with common CI/CD tools
- Experience with containerization
- High user and customer orientation
- Strong conceptual skills, logical/analytical thinking & problem-solving skills
- Experience in contributing to the architecture and design of new and existing systems
- Programming experience with languages used by our delivery streams (e.g. Java, Kotlin, .Net)
- Proficiency with security tools & technologies (SAST, DAST, IAST, SCA)
- Knowledge of common web application security (OWASP Top Ten)
- Experience using a maturity model such as BSIMM
- Facilitate threat modelling across systems and services
We are looking forward to your application. After reviewing your CV, our Talent Acquisition team will contact you to schedule a short initial phone/video call. After this first step we will run 2-3 rounds (introductory, technical, cultural) with you, all of these with different members of the Engineering Enablement department and our peers in the CISO department. When appropriate these phases will be held via phone/video calls.