Application Security Engineer

Sequoia - Tempe, AZ

About The Position

As an Application Security Engineer, you will provide application security expertise throughout the Software Development Life Cycle (SDLC) and be responsible for managing and driving forward the Application Security Analytics practices. A key part of your role will involve validating and testing web applications to ensure they meet the requirements of the SDLC Policy and industry best practices. The role also involves undertaking threat modelling, conducting periodic penetration testing using best-of-breed tools, and maintaining documentation, and it calls for a good understanding of the OWASP Top 10 vulnerabilities.

You'll perform various day-to-day activities related to ensuring the security of Sequoia's application environment. These tasks may include conducting application security reviews to identify vulnerabilities in software applications that could be exploited by attackers; performing penetration testing to assess the effectiveness of existing security controls and identify potential weaknesses; providing training and outreach to internal development teams to improve their understanding of security best practices; developing security guidance documentation to help others understand how to implement secure systems and applications; developing security tools to automate or streamline security processes; delivering security metrics to stakeholders; and working on improving the overall security posture of your organization.

Requirements

  • 5+ years' experience with emphasis on application development, application security or related fields.
  • 3+ years of programming experience in Python, Ruby, Go, Swift, Java, .NET, C++ or a similar object-oriented language
  • 2+ years of any combination of the following: threat modeling experience, secure coding, identity management and authentication, software development, cryptography, system administration and network security experience
  • 3+ years' experience in application security technologies with knowledge of application security threats. Experience with threat modeling, attack surface analysis, penetration testing, software vulnerability assessments, and understanding of software security threat vectors.
  • Knowledge of Component Analysis using tools such as OWASP Dependency-Check, Bytesafe Dependency Checker, Patton, PHP Security Checker, etc.
  • Experience with static and dynamic application security testing.
  • Experience with AWS products and services
  • Bachelor's degree in computer science or equivalent

Nice To Haves

  • Experience as an application security engineer using a suite of tools for the following:
      • Recon and Information Gathering (e.g. Nmap, Netcat, Spiders, OWASP Zed Attack Proxy)
      • Mapping and Discovery (e.g. Burp Suite with plug-ins)
      • Exploitation of top OWASP vulnerabilities such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) attacks, etc. Experience with tools such as Metasploit, AppScan or WebInspect.
  • Knowledge of threat modeling using the PASTA and STRIDE methodologies
  • Knowledge of OWASP best practices
  • Knowledge of OWASP Testing Guide 4.0
  • Knowledge of OWASP Code Review 2.0
  • Knowledge of Software Component Verification

Responsibilities

  • Application security reviews
  • Mobile security reviews
  • Secure architecture design
  • Threat modeling
  • Projects and research work as needed
  • Security training and outreach to internal development teams
  • Security guidance documentation
  • Security tool development
  • Security metrics delivery and improvements
  • Assistance with recruiting activities and administrative work

Benefits

  • competitive compensation
  • base salary
  • performance-based bonus programs
  • comprehensive benefits package