Lead Application Security Engineer

N-able is the leading global provider of complete IT management and Automation solutions for Managed Service Providers (MSPs). Our award-winning product suite includes the industry's #1 RMM Service Automation Platform and has a proven track record of helping MSPs standardize and automate the setup and delivery of IT services to achieve true scalability.

The Lead/Senior Application Security Engineer plays a critical role in enhancing our application security posture by conducting advanced security assessments, leading security initiatives, and collaborating with development teams to integrate security into the software development lifecycle. The position plays a key role in identifying and mitigating security vulnerabilities to protect our applications and data.

This role is based in our Edinburgh hub.

• Assist in maturing organizational processes that drive complex security efforts for internal teams and external partners.
• Develop and implement workflows to automate security testing/vulnerability detection within the software development lifecycle.
• Advocate for security as a subject matter expert across multiple organizations, holding discussions on security topics and enhancing awareness of application security objectives across the organization.
• Collaborate with engineering teams by providing well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
• Work with technology built with programming languages, such as C++, C#, GO, .NET framework, Java, JavaScript/TypeScript, PHP, Python, Ruby and Swift.
• Support engineering and enterprise teams in realizing a secure-by-design program.
• Effectively communicate security risks to different audiences, ranging from business leaders to engineers.
• Experience with the review & approval of third party or open-source software libraries.

• Considerable years of experience in information technology, with ideally a minimum 3 years in application security
• Experience working with large-scale multi-cloud, multi-account architecture CISSP, CISM, AWS Solutions Architect Professional, Azure Solutions Architect, or equivalent certification, is preferred
• Thorough understanding of OWASP Top 10 and Secure Development
• Expertise in automating security tools and integrations, including simple scripting
• Experience with application security tools (SAST, DAST, IAST and SCA)
• Strong technical knowledge of development and production release process, including CI/CD
• Experience with the application of threat modeling and other risk identification techniques Scripting (Perl, python, PowerShell, bash), RegEx and PCRE experience is desirable

• Medical, dental and vision coverage
• Generous PTO and observed holidays
• 2 Paid VoluNteer Days per year
• Employee Stock Purchase Program
• FuN-raising opportunities as part of our giving program
• N-ablite Learning – custom learning experience as part of our investment in you
• The Way We Work – our hybrid working model based on trust and flexibility

AtN-able, Inc.(NYSE: NABL), we are a global software company that turns IT possibilities into capabilities. That means we partner with technology leaders who support companies around the world by offering secure infrastructure and tools to navigate their evolving IT needs. We build strong relationships with our customers to help them thrive at every stage of growth, and at the heart of this effort is our network of N-ablites—a global team of extraordinary, diverse creators who are dedicated to making a difference in how our partners do IT.

#LI-NK1 #LI-Hybrid

• Considerable years of experience in information technology, with ideally a minimum 3 years in application security
• Experience working with large-scale multi-cloud, multi-account architecture CISSP, CISM, AWS Solutions Architect Professional, Azure Solutions Architect, or equivalent certification, is preferred
• Thorough understanding of OWASP Top 10 and Secure Development
• Expertise in automating security tools and integrations, including simple scripting
• Experience with application security tools (SAST, DAST, IAST and SCA)
• Strong technical knowledge of development and production release process, including CI/CD
• Experience with the application of threat modeling and other risk identification techniques Scripting (Perl, python, PowerShell, bash), RegEx and PCRE experience is desirable

• Assist in maturing organizational processes that drive complex security efforts for internal teams and external partners.
• Develop and implement workflows to automate security testing/vulnerability detection within the software development lifecycle.
• Advocate for security as a subject matter expert across multiple organizations, holding discussions on security topics and enhancing awareness of application security objectives across the organization.
• Collaborate with engineering teams by providing well-researched security advice to demonstrate vulnerabilities and provide secure development guidance.
• Work with technology built with programming languages, such as C++, C#, GO, .NET framework, Java, JavaScript/TypeScript, PHP, Python, Ruby and Swift.
• Support engineering and enterprise teams in realizing a secure-by-design program.
• Effectively communicate security risks to different audiences, ranging from business leaders to engineers.
• Experience with the review & approval of third party or open-source software libraries.