APPLICATION SECURITY ENGINEER - APPSEC

Hey you!   Want to work for one of the fastest growing SaaS companies in the world?   We’re building the next generation of learning software that companies like AWS, Netflix, Opentable and L’Oreal rely on to deliver training   We believe learning is for everyone, and that we all have something we can learn from each other.
We rely on one another to continuously innovate our products and processes to create an exceptional experience for our employees, customers and partners.
Still not sure? We are a culture where values are at the center of everything we do.
We also embody what we call the Docebo Heart.
We trust our teammates, assume the best of one another, and also hold space for all the differences that make us better.
So what are you waiting for? Apply today! Join 800+ global Docebians and change the way people learn.
Are you ready to be a part of the learning revolution?   About This Opportunity.
The Application Security Engineer plays an important role in integrating and supporting the AppSec team, including stakeholders across Development and DevOps.
This role is highly technical and hands-on while displaying superior collaboration and communication skills.
The Application Security Engineer will support the execution of application security assessments including architecture review, threat modeling, code review, and penetration testing, assisting and enabling the product teams to adopt secure development practices.
Reports to.
Application Security Manager Location.
Biassono or Milan, Italy (Hybrid) \ Responsibilities.
Provides application security support to development teams.
This includes collaborating to manage and integrate application security tools and processes.
Provide vulnerability and remediation guidance, and perform basic configuration of scans.
Triage and validate scan findings, before inputting the associated work tickets.
Maintain a focus on automation, to support scalability and efficiency.
Coordination and review of penetration testing activities by third-party ethical hackers and vendors.
Tuning of DAST/SAST/SCA tools to remove false findings.
Management of the Threat Modeling program, to drive a triaged and structured approach towards managing security risks.
Work closely with architecture and product teams to drive security issues to resolution, and monitor against SLAs.
Requirements.
Fluent in English Deep technical knowledge of Threat Modeling and OWASP methodologies.
Hands-on experience using Burp Suite, ZAP, SAST & DAST tools.
Understanding of how scanning tools, penetration tests, and post-deploy scanning tools work together in the application security lifecycle.
Deep, hands-on experience implementing AppSec tools into a DevOps pipeline.
Solid understanding of application security issues, risks, and mitigation strategies.
Experience developing and refining Secure SDLC documents and processes.
Experience building and leading Information Security training focused on secure development practices and based on OWASP principles.
Experience assessing and securing open-sourced software components.
Advanced interpersonal verbal and written communications skills.
Nice to have.
Background as a Developer, with experience in QA.
Experience as a DevOps or SRE Engineer.
Experience in Software Development and/or Security-related positions Hands-on experience with Terraform is a plus.
Professional certification is a plus (OCSP, SANS, or similar).
\ Benefits & Perks -Generous Vacation Policy, plus 2 extra floating holidays to use for religious or cultural events that matter to you -Employee Share Purchase Plan -Career progression/internal mobility opportunities -Four employee resource groups to get involved with (the Docebo Women's Alliance, PRIDE, BIDOC, and Green Ambassadors) -WeWork partnership and “Work from Anywhere” program Hybrid Office Model We believe when people are together, they develop deeper relationships and accelerate innovation.
Because of this, all Docebo employees worldwide are “hybrid.” We encourage in-person collaboration while supporting work-from-home when employees need dedicated focus time, allowing Docebians to do their best every day.
Each team leader is able to decide how often their teams come into the office, considering the needs of the team and the employee’s needs.
Our Talent Acquisition team will let you know about the role you are applying for and the hybrid details during the first interview.
About Docebo Here at Docebo, we power learning experiences for over customers around the world with our easy-to-use, AI-powered Suite designed to close the enterprise learning loop.
We have successfully achieved 2 IPOs (TSX.
DCBO & NASDAQ.
DCBO), been recognized as a Top SaaS e-learning Solution, and are growing exponentially in the process.
Docebo is a global company with offices in North America, EMEA, APAC and more.
Our people believe in six core values, simply defined and manifested in everything we do - Innovation, Simplicity, Accountability, Togetherness, Curiosity, and Impact.
If this sounds like you, now is your time to join one of the fastest-growing learning technology companies on the market.
Apply today! Docebo is an Equal Employment Opportunity employer.
We are committed to diversity and inclusion in our workforce.
All qualified applicants and employees will receive consideration for employment regardless of their race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), national origin, citizenship status, age, disability, genetic information, or any other category protected under applicable law.
Any individuals requiring a reasonable accommodation to assist with their job search or application for employment should send an e-mail to recruiting_accommodations (at) docebo.
om.
The e-mail should include a description of the requested accommodation and the position you’re applying for or interested in.