Application Security Engineer - for fast-growing Norwegian SaaS company

About Admincontrol

At Admincontrol, we believe that the future depends on the quality of decision-making and we deliver online solutions for efficient and secure management of business-critical information for e.g. boards of directors, management teams and legal and financial companies. In the Nordic region, we are the leading player in our industry and our technology is used by 2/3 of listed companies in Norway. Admincontrol is a growing company with operations in six European markets and great ambitions for the future!

We are a technology company that focuses on people. Our working environment is inclusive, evolving and characterized by a flat organizational structure and empowered employees. In order to succeed with us, you need to be able to identify with our values: smart, passion and trust and actively contribute to the exchange of knowledge and experiences. You can expect the same from your colleagues. 

About the position

As an Application Security Engineer in Admincontrol you will work together with our Developers focusing on the security of all our software components used within our SaaS platform. You must be able to explain fundamental security principles and have good communication skills. To ensure our platform has top security you must be comfortable working with different kind of security tools and various kind of code scanners in a DevSecOps approach to ensure correct processes are in place in the development life cycle to find and resolve any potential security issues as early as possible.

To succeed you must have a thorough understanding and knowledge of the underlying technology as well as secure coding practices and OWASP Principles.

Responsibilities

• Be in charge of implementing security best practices based on OWASP principles and OWASP ASVS standard in the development process.
• Ownership of security automation in the CI/CD pipeline in collaboration with Development, IT Ops and QA
• Manage code scanning and application security scanning & testing (SAST/DAST)
• Provide day to day DevSecOps support to the development teams.
• Contribute to security knowledge sharing.
• Responsible for follow up of security issues and findings from security tests.
• Ensure that 3rd party code/libraries are continuously assessed for security vulnerabilities/problems and trigger/verify security updates.
• Contribute to guidelines/best practices on secure system engineering principles e.g. documentation on how to operate and configure a secure development environment.
• Contribute to, and continuously improve, security and privacy in development and support processes.
• Share your security knowledge with our developers and test engineers
• Identify and implement tools that should be used in the development lifecycle.
• Assist Architects & Developers to ensure that non-functional controls are considered and documented, e.g.:

- Identity and access management, including authorization.

- Log management for security

- Transport and storage security

- Encryption and key management

- Data classification

- Privacy by design

• Create and maintain Data Flow Diagrams (DFD) for privacy classified & sensitive data, based on the high-level architecture drawings.
• Threat modelling

Skills and experience

• Higher education (minimum 3 years) within information security, computer science or similar
• Experience may compensate for a lack of formal education.
• Experience with OWASP principles and secure coding practices
• Competence within security testing of applications
• Ability to change and adapt to new demands and expectations in the role.
• Understanding of DevOps and DevOpsSec
• Experience of setting up and maintaining security in a continuous delivery pipeline (DevOps)
• Knowledge of, and practical experience with applying security in the Public Cloud

We can offer

• Opportunity to play a central part in the development of highly successful and market leading software, utilizing new technologies and best practices. 
• Great working culture with dynamic, skilled, and engaged teams collaborating to achieve ambitious goals. 
• Competitive terms, including bonus scheme. 
• Good insurance and pension terms. 
• An excellent working environment with friendly, talented, and approachable colleagues. 
• Attractive premises located very centrally in Drammen. 
• Social events and joint training activities. 
• Extremely strong professional network through the link to Visma.