This listing has expired and therefore is not publicly viewable.
Company | RealPage |
---|---|
Location | India |
Preferred GIAC Certifications | GWAPT, GPEN, GPYC |
Travel | 0% |
Salary | Not provided |
URL | https://recruiting2.ultipro.com/REA1005REALP/JobBoard/fe93aaff-46fe-4731-9d07-a26f8799b470/OpportunityDetail?opportunityId=d6d4f9b4-39b7-4ec3-a51c-0f7715c9db60 |
Contact Name | Matthew Frick |
Contact Email | matthew.frick/at/realpage.com |
Expires | 2023-06-13 |
Job Description
ABOUT THE TEAM
The RealPage Information Security team analyzes security risks associated with application code and consults with developers to enhance their knowledge of security primitives, damage potential within the context of specific applications, and recommended remediation steps. We work closely with our teammates from IT, Product Development, and across the business to coordinate, execute, and iterate on our application security strategies and capabilities. We work with industry-leading tools, develop expertise in application architectures and design patterns, and implement creative solutions to complex problems.
WHAT YOU’LL DO
As an Application Security Architect, you will work closely with our engineering organization and development teams to help influence the security culture and knowledge base of our enterprise and drive results in achieving desired security outcomes. You'll be hands-on with technologies for software composition analysis (SCA), static and dynamic application security testing (SAST/DAST), and assessing the real-world exploitability of applications via penetration testing.
You'll help to create and manage secure development practices and implement frameworks to ensure continuous monitoring of the effectiveness of our application security program. You'll provide your in-depth expertise to help analyze and guide teams on best practices and remediation of issues, creating feedback loops to democratize knowledge across the organization. You will also have opportunities to influence continuous improvement efforts in areas such as threat modeling, mobile and API security, Infrastructure as Code, and container security.
Additionally, you will cultivate strong relationships with engineering leadership stakeholders beyond the RealPage security organization as well as provide mentorship to other members within the application security team. To make all of this happen, you will help plan and execute large and challenging projects across RealPage lines of business.
PRIMARY RESPONSIBILITIES
On a daily basis you'll be responsible for the following:
• Collaborate with the architecture community to align the security roadmap with enterprise technology solutions
• Develop and implement automated security assessments triggered via CI/CD tooling within DevOps platform(s), including custom script development as needed to support integrations
• Engage with developers to explain the technical mechanisms of security vulnerabilities, educate them on the adverse outcomes that are possible given the context of the application, and define remediation action plans
• Optimize the effectiveness of application security tools via configuration and runtime diagnostics, including SCA, SAST, and DAST tools
• Perform penetration testing against RealPage application targets
• Consult with stakeholders to threat model RealPage applications
• Contribute towards necessary documentation and metrics development activities that enhance the maturity of the application security program
• Develop and maintain secure coding standards and contribute towards a body of knowledge to streamline remediation efforts
• Iteratively revise feedback loops to broadly disseminate application security knowledge and raise the collective intelligence of the organization
• Assist with incident response activities as needed
• Create reports and executive-level communications for critical application security notifications
• Identify and recommend new cost-effective application security solutions to meet/exceed business requirements
• Plan, mentor, and guide the work of application security staff
MINIMUM QUALIFICATIONS
• 7+ years of overall experience as a technologist, including at least 2+ years as a software engineer
• 5+ years of information security experience, including at least 3+ years of application security and/or offensive security experience
• Proficiency in reading, writing, and auditing Python or JavaScript and the ability to pick up new languages/technologies
• Knowledge of web service technologies, load balancer services (e.g. Nginx, Cloudflare, F5) and RESTful APIs
• Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL, etc.) and common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.)
• Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments
• In-depth knowledge of application vulnerabilities and misconfigurations, how to fix them, and how to prevent them
• Familiarity with the cyber kill chain and the ability to apply its concepts to understand the increased risks of vulnerability chaining from an adversarial perspective as well as appropriate mitigation strategies to limit damage potential
• Hands-on experience with deployment and operation of common tools for SCA, SAST, DAST, and penetration testing
• Experience with industry standard application security frameworks and standards
• Experience with guiding and aligning multiple distinct product development teams to a common goal of application security
• Excellent planning and prioritization skills
• Excellent written and verbal communication skills
• High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
• Strong collaborative skills and willingness to educate and mentor others
• Certifications including OSCP, OSWE, GWAPT, GPEN, GPYC, or similar
EXCEPTIONAL QUALIFICATIONS
• A personal GitHub repository demonstrating use and customization of security tools
• Contributions to open-source community efforts
• A history of competing in “Capture The Flag” (CTF) exercises to sharpen your skills
• Acknowledgements from bug bounty programs and/or credit from vendors for the discovery of CVEs impacting their products
STILL READING?
If this job description doesn’t sound like an exact match, please apply anyway. The RealPage security team values grit and determination over pedigree. If you have a thirst for knowledge and seek an opportunity to level up your skills while working with passionate colleagues, this is the job for you.