Willow is hiring an

Application Security Engineer

Seattle, United States
Founded in 2017, Willow is a global technology start-up. The WillowTwin™ is a disruptive IoT/Data SaaS that unlocks the true potential of smart buildings and infrastructure. We are writing a new chapter in human history, with unprecedented resource optimisation and management empowered by data. 
Recently Ranked in Linked In's 2020 Australian "Top 10 Start-ups", you will be joining a team of performance-driven individuals, backed by the most advanced technology the built world has ever seen. We are chartering a new course, Digital First, the Willow Way. Our 'Willow World' is fast-paced, nurturing and collaborative.

Summary of role:

As an Application Security Engineer at Willow, you will contribute to the architecture, design, and delivery of secure software solutions - and help us advance in our mission to digitise the built world. Enjoy the benefits of working in a remote-first team while leveraging your skills in cybersecurity to make an impact!

Your Team

The multitude of benefits that arise from our offerings come with an ever-increasing risk of cyber-attack from a variety of threat actors. These threats can result in data loss, privacy issues, disruption to critical infrastructure as well as environmental, financial and health risks. Cybersecurity is core to the very fabric of Willow’s approach as we deliver our products and services to customers. Maintaining a strong security posture is integral to maintaining the trust of our customers. The cybersecurity team at Willow has a commitment from the leadership team and executives and is seen as an enabler in ensuring the business is able to grow and scale as a global organisation.

Role & Responsibilities

  • Work closely with wider Product and Engineering teams to support them with minimum security requirements in new and existing products or software.
  • Perform technical and non-technical security reviews on applications, as well as required remediation
  • Ensure appropriate security controls and processes such as threat modelling and security testing are embedded into the Engineering development processes in a seamless manner.
  • Drive the continued education of engineers and product team around security requirements.
  • Work closely with IT consultants and managed service providers to scope, manage and remediate regular penetration testing assessments.
  • Continually review and improve the security function by identifying possible improvements, developing skills, identifying new techniques and developing automation to mitigate security risks and incidents efficiently.
  • Apply threat intelligence and other information sources to identify events/risks relevant to the company and integrate this into existing security processes for targeted remediation.
  • Contribute to various security projects and assist the Head of Cybersecurity & Privacy in the delivery of the cybersecurity roadmap in accordance with timeframes and budget.

Skills & Experience

  • We encourage you to apply even if you don't check all boxes:

  • Ideally 2-3 years relevant experience in security, preferably in application security or software engineering role
  • Technical skills including networking, software engineering, systems administration, penetration testing and vulnerability assessments
  • Experience in a cloud infrastructure environment - AWS or Azure, preferably with Azure PaaS experience
  • Experience in vulnerability management and threat intelligence capabilities
  • Experience in working with software developers to advise on security controls and requirements
  • Experience with common information security management frameworks, standards, principles and processes (OWASP, CIS, SANS, ISO, NIST etc)
  • Relevant security certifications (CISSP, GIAC, Security+, CEH, OSCP etc)
  • Experience in highly automated DevOps environments and familiarity with toolsets including Git, ARM, EBS, CloudFormation, Docker, Kubernetes, Puppet, Chef etc
  • Excellent verbal and written communication skills in English

This role can be performed in Seattle or remotely within the US - preferably the Pacific and Central time zone.

If you are eager to work in a fast-paced, high growth tech start-up based on collaboration and open communication, then Willow could be the place for you. We at Willow never give up, we work smart, we care about our fellow human beings, and we always put our best foot forward.

Willow is proudly diverse. We work to create an equitable and inclusive experience for candidates and employees, where people from different backgrounds have an opportunity to succeed. Join us in our mission to digitise the built world!

To find out more, visit the website: https://www.willowinc.com