Job Title

Senior Application Security Engineer Job Description CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information, analytics, and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100, CoStar Group is on a mission to digitize the worlds real estate, empowering all people to discover properties, insights and connections that improve their businesses and lives. We have been living and breathing the world of real estate information and online marketplaces for over 35 years, giving us the perspective to create truly unique and valuable offerings to our customers. Weve continually refined, transformed and perfected our approach to our business, creating a language that has become standard in our industry, for our customers, and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers, our employees, and investors. By equipping the brightest minds with the best resources available, we provide an invaluable edge in real estate. A great opportunity for a Senior Application Security Engineer play a pivotal role in enhancing our Application Security (AppSec) practices, ensuring that security is embedded throughout the software development lifecycle. You are a seasoned expert who not only possesses deep technical knowledge but also excels at building relationships and collaborating across teams. Reporting to the Group Engineering Manager - Product Security, you will be instrumental in embedding security throughout the software development lifecycle, working directly with our development teams to guide and advise them on best practices. A key part of the role will be to drive the implementation and adoption of some of the initiatives from our Application Security Framework. You will also provide crucial support to our Governance, Risk & Compliance (GRC) and Security Operations teams, ensuring our posture is resilient, compliant, and ready to respond to threats. Responsibilities Proactively embedding security into the software development lifecycle by conducting implementation reviews of solution designs and leading threat modelling sessions. Lead efforts to integrate security into DevOps processes, promoting a culture of security awareness and ownership. Performing handson security code reviews and acting as a key security advisor to development teams, providing guidance on addressing vulnerabilities and best practices. Managing and operating our security tools, including those that are integrated into the CI/CD pipeline. Partnering with the Governance, Risk & Compliance (GRC) and Security Operations teams to ensure adherence to relevant regulations and industry standards and collaborating and supporting the investigation and response to security incidents. Experience and Education Essential Minimum education of a bachelors degree in relevant information and technology fields 5 years + in a Product/Application Security or DevSecOps role. Strong knowledge of DevOps principles and practices, as well as security best practices. Strong problemsolving and communication skills. Collaborative and teamworkoriented mindset. Proficiency in scripting and automation (e.g., Java, C/C++, C#, Python, JavaScript, PowerShell) Experience with container security (Docker, ECS, Kubernetes) and cloud security (AWS, Azure, or GCP). Preferred Tertiary qualifications in Computer Science, Software Engineering, Cybersecurity or a related field. Relevant certifications (e.g., AWS Certified Security - Speciality, GPEN, OSCP, OSCE) are highly desirable. Extensive experience and strong understanding of AWS services and cloud security controls including but not limited to IAM, KMS, VPC, Security Groups, AWS Inspector, Guard Duty and SCPs. CoStar Group is an Equal Employment Opportunity Employer; we maintain a drugfree workplace and perform preemployment substance abuse testing. CoStar is committed to creating a diverse environment and is proud to be an equal opportunity workplace and affirmative action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status. CoStar is also committed to compliance with all fair employment practices regarding citizenship and immigration status. If you are a qualified individual with a disability or a disabled veteran, you may request a reasonable accommodation if you are unable or limited in your ability to use or access www.costargroup.com/careers as a result of your disability. You can request reasonable accommodations by calling 1-855-840-1715 or by sending an email to [email protected]. #J-18808-Ljbffr