Skip to content

Lead Application Security Engineer

General Information

Ref #:

20220029339

Travel Amount Required:

None

Job Type:

Regular-Full Time

Location:

Atlanta - Georgia - United States, Lowell - Massachusetts - United States, Weston - Florida - United States

Description & Qualifications

Description

Ultimate Kronos Group (UKG) is seeking a Lead Application Security Engineer (Lead AppSec Engineer) to work in our Global Security team. You will be part of a dynamic team of software security engineers that support our organization’s goal of building and releasing software that our customers can trust.

As an Application Security Engineer, you will ensure that our software is designed and implemented following security best practices. You will leverage your technical knowledge to enable developers and engineering teams to move quickly without compromising on security.

We are looking for someone with a strong application security engineering and development background. The ideal candidate will partner with development teams to threat model attack scenarios and derive corresponding security requirements, review code to uncover vulnerabilities/flaws, and test/participate in attack simulations with our internal Ethical Hacking organization.

As an AppSec Engineer you will:

Work with our code.

Develop techniques to ensure global security and development teams find flaws before they are introduced into production.

Be a security subject matter expert on software security.

Work with development teams to design solutions that are inherently secure.

Be a champion for simple security models.

Correctly balance security risk and product advancement.

Lead software security initiatives

Lead or participate in threat modeling discussions.

Perform code deep dives to uncover security vulnerabilities or design flaws.

Document findings and architectural issues for development and other security team's consumption

Evaluate the security posture of existing applications.

Perform proactive research to detect new attack vectors and pen test internal and external apps.



We are looking for someone who has:

Software development experience in a production environment.

A deep understanding of the web application architecture.

A knack for finding flaws in software and can efficiently communicate how to fix them.

Effective communication skills and is accustomed to working closely with a product team.

Does not always default to industry norms when solving a problem.

An ability to think like an attacker to develop threat models.

Has designed and implemented mitigations for common classes of bugs.

Qualifications

7 or more years of proven experience in at least 2 of the following areas:



Threat Modeling

Manual Code Reviews/Peer Code reviews with the focus on security

Familiar with application security control frameworks and its current usage in modern distributed web applications (e.g. Authentication, Cryptography and Data Protection, Authorization, Web Service Security, Security Headers)

Static Source Code Review and Software Composition Analysis Tools (e.g. Checkmarx, Black Duck, Fortify, etc.)

Coding experience in one or more general languages (C#, Java, Kotlin, etc.) at production environments

Mobile App security.



Preferred Qualifications:

7 years of relevant work experience

Distributed System Design Experience

Comfortable with usage of Unix/Linux systems

Container Security

Detail-Oriented

#LI-Hybrid

Company Overview

Here at UKG, Our Purpose Is People. UKG combines the strength and innovation of Ultimate Software and Kronos, uniting two award-winning, employee-centered cultures. Our employees are an extraordinary group of talented, energetic, and innovative people who care about more than just work. We strive to create a culture of belonging and an employee experience that empowers our people. UKG has more than 13,000 employees around the globe and is known for its inclusive workplace culture. Ready to be inspired? Learn more at www.ukg.com/careers

EEO Statement

Equal Opportunity Employer

Ultimate Kronos Group is proud to be an equal opportunity employer and is committed to maintaining a diverse and inclusive work environment. All qualified applicants will receive considerations for employment without regard to race, color, religion, sex, age, disability, marital status, familial status, sexual orientation, pregnancy, genetic information, gender identity, gender expression, national origin, ancestry, citizenship status, veteran status, and any other legally protected status under federal, state, or local anti-discrimination laws. 


View The EEO is the Law poster and its supplement. 

View the Pay Transparency Nondiscrimination Provision

UKG participates in E-Verify. View the E-Verify posters here.


Disability Accommodation

For individuals with disabilities that need additional assistance at any point in the application and interview process, please email UKGCareers@ukg.com.

Apply