Application Security Engineer

About The Position

Requirements

• Bachelor’s degree in Business, Management, Information Systems, OR equivalent professional experience.
• 2+ years experience in a security technical role or software development.
• Experience with application security tooling and processes, including code review, static code analysis, penetration testing, risk management, etc.
• Experience with data encryption, cryptography and encryption key management.
• Experience with configuration management and DevOps practices to ensure security is built into the SDLC process.
• Development experience in Java, JavaScript and Python.
• Scripting and automation experience using RESTful APIs.
• Knowledge of SANS/CWE Top 25, OWASP Top 10 Application Security principals.
• Strong knowledge and experience in implementing SDLC best practices.
• Knowledge with Git and version control best practices.
• Solid understanding of OSI model, TCP/IP, HTTP and TLS.
• Knowledge of C.I.A. (confidentiality, integrity, availability) security principles and D.I.E. (distributed, immutable and ephemeral) security model.
• Passion for application security and continuous learning.
• Able to concisely communicate security risks to both technical and business audiences.
• Attention to detail.
• Ability to work independently, and as part of a team.
• Ability to multitask and prioritize work effectively.

Nice To Haves

• Ability to innovate and find creative solutions that balance business needs with security needs.
• Familiarity with application layer assessment tools, such as local proxies and fuzzers.
• Familiarity with threat modeling and security design review methodologies.

Responsibilities

• Function as a subject matter expert for security solutions within the organization’s platform.
• Integrate security solutions into the SDLC process.
• Work with development teams to improve the security of CI/CD processes by ensuring version control for source code, scanning code for vulnerabilities in the build pipeline, and ensuring public/private repositories are trusted and secure.
• Design and develop coding standards across infrastructure, application, and data security, building out guidelines and standards to drive a standardized set of security requirements that align with internal policies and meet external compliance/regulatory requirements.
• Help evolve application security functions and services.
• Prioritize, triage and remediate vulnerabilities and findings from security scans and bug bounty programs.
• Review security test results from vulnerability scans and penetration tests and propose appropriate remediation measures or mitigation controls, conduct a remediation plan and supervise its progress.
• Improve and support application security tool deployments including static analysis, dynamic testing and software composition analysis tools.
• Conduct security code reviews for various languages and frameworks of web and mobile applications.
• Identify security exposures and develop mitigation plans.
• Investigate and report vulnerabilities in systems and platforms.
• Assess the application threat landscape through threat modeling and architecture reviews.
• Develop metrics and reporting on the posture of the application security program.

Benefits

• medical
• dental
• vision
• prescription drug coverage
• unlimited paid time off (PTO)
• adoption or surrogate assistance
• donation matching
• tuition reimbursement
• basic life insurance
• basic accidental death & dismemberment
• supplemental life insurance
• supplemental accident insurance
• commuter benefits
• short term and long term disability
• health savings and flexible spending accounts
• family care benefits
• a generous 401K savings plan with a company match program
• 10-12 paid holidays annually
• generous paid parental leave (birthing and non-birthing parents)
• voluntary benefits such as pet insurance, accident, critical and hospital indemnity health insurance coverage, life and disability insurance