Senior Application Security Engineer
Boulder, CO 
Posted 13 days ago
Job Description

Company Description

Zayo provides mission-critical bandwidth to the world's most impactful companies, fueling the innovations that are transforming our society. Zayo's 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo's communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.

The Senior Application Security (AppSec) engineer's role and responsibility is to protect Zayo-developed applications and networks from cybersecurity attacks and unauthorized access. This engineer will be responsible for mitigating security defects in Zayo-developed applications via multiple techniques and tools, including but not limited to threat modeling, attack surface analysis, code scanning, software composition analysis, application security testing, and penetration testing. The AppSec engineer will also consult with developers to find and remediate security defects in code and help educate developers in secure coding techniques.

The AppSec engineer will investigate, implement, manage, and monitor technical and administrative controls to protect the confidentiality, integrity, and availability of the organization's information assets. They will also be responsible for defining service roadmaps and maturity targets and helping develop junior engineers. The primary area of responsibility will be application security testing leveraging DAST, SAST, SCA, and other solutions, helping developers remediate found issues, conducting internal penetration testing, and interfacing with our Bug Bounty vendor to address discovered issues. The engineer partners with IT and Cybersecurity architects and engineers, working groups, project teams, and application owners to support business and regulatory objectives. This role may be required to provide occasional on-call support.

Job Responsibilities:

  • Investigate and implement new or improved technologies and tooling, such as SAST, DAST, SCA, etc., to strengthen our security posture and drive innovation while maximizing ROI and following industry best practices.

  • Collaborate with multiple global development teams to ensure their applications meet or exceed our security standards.

  • Utilize security tools to find and track security defects in various applications.

  • Conduct security assessments, such as Threat Modeling, Attack Surface Analysis, Vulnerability Assessments, and Penetration Tests of our applications/services.

  • Partner with developers, program owners, and other technical areas to remediate security defects in our applications and educate them on security issues and mitigation techniques.

  • Collaborate with fellow Application Security engineers to ensure application coverage and knowledge transfer.

  • Identify, troubleshoot, and resolve security process and system problems.

  • Collaborate with external security vendors, such as pen testing, bug bounty, etc., to ensure Zayo's applications are covered at appropriate levels.

  • Help drive secure development standards, SDLC, and other documentation.

  • Develop program-specific metrics (SLAs, KPIs, etc.) and measurements.

  • Be responsible for multiple technologies across multiple areas of cybersecurity.

Experience and Education Requirements:

  • Bachelor's degree in computer science, cybersecurity, programming, database administration, or a related field or an equivalent combination of education and experience.

  • Software development experience in a variety of languages and frameworks, with Java, JavaScript, Apex, and C# preferred

  • Experience with security testing technologies such as SAST, DAST, IAST, etc., and pipeline automation

  • Penetration Testing of web and non-web applications

  • Threat modeling, attack surface analysis, and vulnerability assessments

  • Experience working in multiple distributed cloud environments

  • Experience with virtualization, containers, and orchestration

  • Security certifications, such as OSCP, GPEN, etc., are a plus

  • Experience with various authentication/authorization technologies is a plus

  • Experience with SIEM, IR, and SOC is a bonus

  • Excellent verbal and written communication skills

Base pay range: $136,900 - $155,000, commensurate with experience.


Benefits, Rewards & Wellness

  • Excellent Health, Dental & Vision Insurance

  • Retirement 401(k) Savings Plan

  • Fitness membership discounts

  • Generous paid time off policy including paid parental leave

Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.


Zayo is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected Veteran status. EEO IS THE LAW. Zayo invites any applicant and/or employee to review the Company’s written Affirmative Action Plan. This plan is available for inspection upon request by emailing our People Ops team.

 

Job Summary
Company
Start Date: As soon as possible
Employment Term and Type: Regular, Full Time
Required Education: Bachelor's Degree
Required Experience: Open