AppSec Engineer I

About the role

The AppSec team at Liveperson is responsible for testing the security of LivePerson applications and environments, on-premises and cloud. All of our AppSec team members are expected to have a thorough understanding of complex IT systems and stay up to date with the latest security vulnerabilities, standards, systems and protocols, as well as testing tooling and methodologies. This role manages SDLC integrated application security testing tooling and integrations, drives risk reduction and vulnerability remediation and assists in the closing of discovered vulnerabilities and weaknesses. The right candidate will have a can do, follow-up and follow through attitude. They will be able to understand and assess our environments for vulnerability and communicate the associated risk to internal and external stakeholders. You will: Manage and enhance application security tools (Static Code Analysis, Open Source vulnerabilities tools, Dynamic Application Security tools, etc), integrations, and develop in-house application security automation tools Validate discovered vulnerabilities using code review skills and manual/semi-automatic tooling like Burp. Validate external penetration test results and work with internal and external stakeholders. Perform some security penetration tests (both application and infrastructure for Web and mobile applications) Work with the engineering and security teams to provide actionable reporting, find and explain security issues, suggest mitigations, and determine when issues are mitigated. Stay up to date on the latest testing tools and techniques ensuring both your and the team is using the most effective and efficient methods. Produce both high level and detailed reports and metrics to support data-based decisions. Assist in creating and updating Application Security procedures, policy, standards and guidelines Train, coach and mentor other members of the team, development and the broader LivePerson Security and Engineering teams. You have: Understanding of software security architecture and design Broad experience of information security and AppSec testing techniques Have practical experience in an application security role with manual testing Solid understanding of cloud environments (GCP especially), web protocols, weaknesses and vulnerabilities Good working knowledge of current IT risks and experience testing, exploitation and mitigation techniques Working knowledge or experience with one or more of the following: Shell, Java, Python, or Node.js Experience developing automation and exploitation scripts Experience or strong interest in penetration testing, including cloud deployed applications Ability to interact with a broad cross-section of personnel to explain security vulnerabilities Highly curious and dedicated to continuous learning Excellent written and verbal communication skills

Benefits

Additional Information

LivePerson (NASDAQ: LPSN) is the global leader in enterprise conversations. Hundreds of the world's leading brands - including HSBC, Chipotle, and Virgin Media - use our award-winning Conversational Cloud platform to connect with millions of consumers. We power nearly a billion conversational interactions every month, providing a uniquely rich data set and safety tools to unlock the power of Conversational AI for better customer experiences. At LivePerson, we foster an inclusive workplace culture that encourages meaningful connection, collaboration, and innovation. Everyone is invited to ask questions, actively seek new ways to achieve success, nd reach their full potential. We are continually looking for ways to improve our products and make things better. This means spotting opportunities, solving ambiguities, and seeking effective solutions to the problems our customers care about.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at liveperson? Share your experience