<div class="content-intro"><p style="line-height: 1.4;"><span style="color: rgb(0, 0, 0); font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>Who we are</strong></span></p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">DigiCert is a global leader in intelligent trust. We protect the digital world by ensuring the security, privacy, and authenticity of every interaction. Our AI-powered DigiCert ONE platform unifies PKI, DNS, and certificate lifecycle management, to secure infrastructure, software, devices, messages, AI content and agents. Learn why more than 100,000 organizations, including 90% of the Fortune 500, choose DigiCert to stop today’s threats and prepare for a quantum-safe future at <a href="http://www.digicert.com/">www.digicert.com</a></span></p></div><p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>Job summary</strong></span></p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">As a Senior Application Security Engineer specializing in application security and DevSecOps within our cybersecurity team, you will play a crucial role in safeguarding our company's web applications by integrating security practices into the Software Development Life Cycle (SDLC). You will be responsible for the proactive identification, assessment, and mitigation of security vulnerabilities, developing and driving the adoption of DevSecOps practices, and ensuring that security is embedded in all phases of software development.</span></p>
<p style="line-height: 1.4;"> </p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>What you will do</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Lead the integration of security measures into the SDLC, ensuring that all aspects of web application development are secure by design.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Conduct thorough security assessments and penetration testing for web applications to identify vulnerabilities and security gaps.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Play an advisory role with software engineering teams in the architectural design of new applications, emphasizing secure architectural patterns and best practices.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Perform and coordinate manual and automated code reviews.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Lead threat modeling exercises across engineering teams.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Collaborate with software development teams to implement DevSecOps practices, providing guidance on secure coding, automated security testing, and continuous monitoring.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Contribute to internal security tooling development or integration.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Develop and maintain a secure framework for code deployment, automating security processes where possible to streamline the development workflow.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Work cross-functionally with various teams, including IT, engineering, operations, and business units, to communicate security policies and procedures effectively.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Establish and maintain strong relationships with stakeholders, presenting complex security concepts in an accessible manner.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Stay abreast of the latest security threats, trends, and technologies in web application security and incorporate this knowledge into company practices.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Assist in the development and enforcement of security policies and procedures, ensuring compliance with industry standards and regulations.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Assist with managing bug bounty program.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Develop program documentation to promote operational stability and scalability.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Support Leadership in defining and executing the roadmap for DevSecOps maturity and secure SDLC initiatives.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Support governance and compliance teams on secure engineering practices for aligning security policies related to SDLC</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Drive and support security identified remediation efforts.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Foster and promote a security-forward culture.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Mentor junior team members.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Other duties and responsibilities, as assigned.</span></li>
</ul>
<p style="line-height: 1.4;"> </p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>What you will have</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">5+ years of experience in cybersecurity, with a focus on web application security and secure SDLC.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Proficiency with programming/scripting languages such as JavaScript, Python, Java, Bash, PowerShell.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience in penetration testing.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Bachelor’s or master’s degree in computer science, cybersecurity, or a related field.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Proven track record of working with DevSecOps tools (such as SAST/DAST/SCA) and methodologies.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong understanding of security protocols, cryptography, authentication, authorization, and security vulnerabilities.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Excellent communication skills with the ability to engage technical and non-technical stakeholders.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Strong analytical and problem-solving abilities, with a meticulous attention to detail.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Advanced level of knowledge of Information Security design concepts and principles.</span></li>
</ul>
<p style="line-height: 1.4;"> </p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>Nice to have</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Master's degree in a technical discipline</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Professional security certifications such as CISSP, OSCP, CEH, or equivalent are highly desirable.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Experience working in highly regulated environments.</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Advanced level of knowledge of IT frameworks and standards (NIST, OWASP Top Ten, COBIT, ITIL, ISO, PCI-PIN, GDPR, WebTrust, FedRAMP)</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Certified Information Systems Auditor (CISA)</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">AWS Solutions Architect</span></li>
</ul>
<p style="line-height: 1.4;"> </p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><strong>Benefits</strong></span></p>
<ul>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Generous time off policies</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Top shelf benefits</span></li>
<li style="font-family: arial, helvetica, sans-serif; font-size: 12pt;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">Education, wellness and lifestyle support</span></li>
</ul>
<p style="line-height: 1.4;"> </p>
<p style="line-height: 1.4;"><span style="font-family: arial, helvetica, sans-serif; font-size: 12pt;">#LI-GA1</span></p>
<p style="line-height: 1.4;"> </p>
<p> </p>
