Security Engineer

📋 Description

• • Join Kiss My Apps, a dynamic platform company at the forefront of innovation, boasting 7 product verticals and over 30 AI-first products that reach more than 100 million users worldwide. Our ecosystem thrives on proprietary analytics, payment, and marketing solutions, powering leading products in utilities, lifestyle, and health & fitness, such as AI Remodel, Printer, Botan, and Calorie Counter. These products consistently achieve top rankings in the App Store, addressing the needs of a vast global community.
• • Our competitive advantage lies in our rapid growth, with Kiss My Apps scaling at a minimum of 3x year-over-year. To sustain and accelerate this expansion safely, we are building a robust security function from the ground up. We are seeking a highly motivated and experienced Security Engineer (DevSecOps / AppSec) to integrate security seamlessly into our development processes, CI/CD pipelines, and product infrastructure.
• • This is a unique opportunity to be the foundational member of our security team. You will have the autonomy to build security practices from scratch, with the clear potential to grow into a Head of Security role, shaping the strategic direction for protecting products used by hundreds of millions of people. Your impact will be immediate and far-reaching.
• • Your primary responsibilities will revolve around establishing and embedding Secure Software Development Lifecycle (SDLC) practices into our existing development workflows. This includes architecting and implementing security controls that are integral to every stage of development, from initial design to deployment and ongoing maintenance.
• • A key focus will be the automation of application security. You will integrate Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) tools, along with other security scanners, directly into our CI/CD pipelines. This automation will ensure that security checks are performed continuously, identifying and flagging vulnerabilities early in the development cycle.
• • You will be instrumental in the detection, analysis, and remediation of vulnerabilities found within our applications and their dependencies. This involves not just identifying issues but also working closely with engineering teams to ensure timely and effective resolution, minimizing risk to our users and products.
• • Developing and automating foundational mechanisms for phishing protection and other critical security controls will be another significant aspect of your role. This proactive approach will help safeguard our users and brand reputation against evolving threats.
• • You will act as a security consultant for our engineering teams, providing expert guidance on secure coding practices, architectural security reviews, and general security best practices. Your expertise will empower developers to build more secure software from the outset.
• • A crucial part of fostering a security-first culture involves conducting security training sessions and raising awareness among all teams. You will be responsible for educating our workforce on security threats, best practices, and their role in maintaining a secure environment.
• • You will participate in the monitoring of our systems and contribute to security incident response efforts. This includes helping to establish protocols for detecting, analyzing, and responding to security incidents efficiently and effectively.
• • Furthermore, you will assist in the implementation of asset and risk management approaches, ensuring that we have a clear understanding of our digital assets and the associated security risks, enabling informed decision-making and resource allocation for security initiatives.
• • This role offers a chance to define the security posture of a rapidly growing tech company, making a tangible impact on products used by a massive global audience. You will have the opportunity to shape the future of security at Kiss My Apps and grow your career exponentially.