Application Security Engineer - Moodle US

Moodle with us!

We're the world's most popular learning platform and we’re on a mission to empower educators to improve our world.

Find out about your new workplace...

Moodle is the world’s most trusted online learning solution. The engine of our ecosystem is Moodle LMS, the secure and customizable open source learning management platform used by over 250 million learners worldwide. Developed in conjunction with our community, Moodle LMS is complemented by an ecosystem of products including Moodle Workplace and a network of partners and services providing hosting, customizations and support. We also teach and support educators to create effective online learning experiences and share open education resources. Collectively, we empower educators to improve our world.

Moodle US, a newly formed US-based services division of Moodle Pty, provides services in learning design, implementation support, training, hosting, custom development, and support for Moodle LMS, Moodle Workplace, as well as other Moodle products.

We’ve built a passionate team of hard-working and driven people from all over the world, united by a shared belief in the ability of our platform to make a positive difference to our world. We respect our colleagues and value an open and innovative workplace, filled with integrity and of course a strong focus on education (yes, these are our company values!)

Find out more about us on our website.

What your new role can look like…

The Application Security Engineer identifies and mitigates security weaknesses of the applications developed and deployed within the organization. The individual is responsible for the proper testing, implementation, and configuration of application security controls to secure the company’s applications. The Application Security Engineer will run routine testing utilizing the industry best practices to ensure the company's applications are free from security vulnerabilities and will support the development activities to remediate identified software issues. The person will support the composition of related policies, guidelines and procedures requisite to the operational program. This role is ideal for a developing security engineer, with 2 to 4 years of experience.

With the pace of Moodle, no two days will ever be the same! You will...

• Screen Moodle software and platforms using security tools such as Veracode.
• Set up automated pipelines with security tools to produce reports identifying code deficiencies.
• Review output of these reports and communicate with the Software Development teams and other stakeholders to ensure issues are reviewed, flagged, and resolved.
• Provide guidance and lead the Software Development teams on best practice for secure code writing.
• Regularly communicate with teams.
• Self-organize, take initiative.
• Be solutions focused.
• Manage workloads to meet tight deadlines and prioritize your work.
• Ensure Moodle products are in line with security requirements for FedRAMP/StateRAMP certifications.
• Lead effort in the Software Development teams in obtaining and maintaining certification.
• Educate Software Development teams on requirements to maintain suitable security compliance.
• Write code in order to effectively respond to identified deficiencies and provide effective solutions.
• Use keen understanding of software composition to inform decision making.
• Write policies in support of security compliance.

Requirements

We’d love to hear from you, especially if you can talk to us about your:

• Strong understanding of software composition and security best practice
• Strong knowledge of PHP
• Experience with Veracode or similar DAST/SAST/DCA tools
• Jira experience
• Experience with software security auditing processes
• Understanding of agile development processes
• Understanding of git and source control in general
• Excellent communication skills
• A strong eye for detail
• Have a proactive and solutions-focused attitude
• Ability to work independently and take ownership of the role within the context of the department and organization and take initiative to improve security outcomes
• A strong team player who contributes actively to the overall team goals and projects 
• Highly organized with the ability to manage their own workload to meet tight deadlines with competing priorities

You’ll sweep us off our feet if you have:

• Moodle Programming experience
• Knowledge of HTML, CSS, Javascript & Ajax
• Understanding of databases and SQL
• Understanding of NIST 800-218 and other similar standards
• Knowledge of performance, object oriented principles, design patterns and security
• Experience/knowledge of FedRAMP certification and compliance requirements  

Benefits

What's in it for you?

We’ve already talked about the importance we place on achieving our mission to empower educators to improve our world, our passion for our values and some of the cool things we are doing as a company.

So what about this?!

• Fully remote opportunity, working from home or wherever suits you
• Flexible work schedule
• Supportive, passionate, and fun team
• Culture that fosters personal growth and development
• Salary range of $100,000 - $130,000 per year, depending on experience and education
• Plus, we’ll provide you with a benefits package, including health insurance coverage, employer 401(k) contribution, paid time off, group term life, and much more

Moodle US is an Equal Opportunity Employer and prohibits discrimination and harassment of any kind: Moodle US is committed to the principle of equal employment opportunity for all employees and to providing employees with a work environment free of discrimination and harassment. All employment decisions at Moodle US are based on business needs, job requirements and individual qualifications, without regard to race, color, religion or belief, family or parental status, or any other

status protected by the laws or regulations in the locations where we operate. Moodle will not tolerate discrimination or harassment based on any of these characteristics. Moodle encourages applicants of all ages.