Join the Mend.io Team!

It’s an exciting time to be at Mend.io.

Helping our people thrive lies at the heart of our culture. The people who drive our success are a global and diverse group who support each other and share a passion for safeguarding a digital world.

At Mend.io we are building a strong, diverse team of curious, creative people who support each other and produce innovative software products.

Application Security Engineer Lead

Remote, Lisbon

Mend.io is a successful, rapidly growing start-up offering a unique cloud-based solution for open-source management and security. We receive millions of customer source code programs from all over the world and analyze them automatically on a daily basis.

We are expanding our portfolio of products by starting the development of a new, state-of-the-art, cloud-based solution in the field of application security.

We are looking for a highly motivated, talented, and hands-on Application Security Engineer who will participate in building our next-generation static code analysis engines for detection and remediation capabilities. This role offers challenges across a wide variety of responsibilities. You will have an opportunity to establish the application security discipline in the SAST group, and define working procedures, processes, and tools. 

The successful candidate will work closely with algorithm developers, improving the engines, developing security rules, performing security reviews of source code, and suggesting optimizations. We are searching for a team player with a can-do approach.

Responsibilities:  

  • Performing security source code analysis.
  • Analyzing application vulnerabilities and providing mitigation strategies.
  • Researching, designing, and writing application security rules for detection, while working closely with a development team for SAST.
  • Analyzing different programming frameworks in different programming languages for potential sources and sinks for SAST.
  • Handling complex cases escalated from the field and other teams.
  • Improving Mend SAST engines for various programming languages.

Requirements:

  • Experience with security review of source code – Must!
  • At least 5 years of experience in application security or security research, including an understanding of application security attacks, vulnerabilities, and mitigations – Must!
  • Understanding of at least 2-3 of the following programming languages: Java, C#, Go, JS, Python, PHP, Ruby, etc. – Must!
  • Language-agnostic approach to vulnerability identification in source code (ability to read source code in multiple programming languages and identify vulnerable parts).
  • Knowledge of common Web Application security vulnerabilities (OWASP TOP10, SANS 25, etc.).
  • Proven experience leading tasks and projects end-to-end, passion to grow to a TL position.
  • Excellent English – written and verbal.
  • Excellent interpersonal and communication skills.

Advantages: 

  • BSc or BA in Computer Science or a similar degree.
  • Experience in managing application security engineers.
  • Experience working with development teams.
  • Experience with bug bounty research or published advisories or exploits for discovered 0day vulnerabilities in applications. 


Mend’s Diversity Commitment

At Mend, we believe bringing together the diversity of experience and background creates a better place to work, a better product, and more opportunities to innovate. Mend is committed to doing its part to mend the equity gap, fostering a safe, inclusive environment to inspire and support employees to be their authentic selves and provide development opportunities for all.