Application Security Engineer

About The Position

Requirements

• Bachelor's degree in Computer Science or related field.
• 2+ years of hands-on application security experience.
• Hands-on development experience and thorough understanding of object-oriented programming.
• Advanced knowledge of web application technologies, MVC, Ajax, XML, SOA, SSL, web-related protocols and services.
• Intermediate knowledge of MS SQL.
• Basic knowledge of other commonly-used RDBMS.
• Ability to identify security vulnerabilities from source code reviews and testing.
• Knowledge of encryption technologies, secure communications, and secure credentials management.
• Advanced experience with at least one scripting language (e.g.: Perl, Python).
• Intermediate proficiency with C/C++ or Java.
• Advanced knowledge of common application vulnerabilities, (e.g.: XSS, CSRF, SQL injection, cookie/header/encoding manipulation, input/output validation, session replay).
• Intimate familiarity with web application testing tools (eg: Burp, Parox, Fiddler, Havij, netcat).
• Ability to define application security requirements and build secure web application solutions.
• Advanced written and verbal communication skills including ability to present technical subjects to non-technical audiences.
• Strong work ethic, attention to detail, and organizational skills.
• Ability to multi-task and manage priorities in a fast-paced environment.
• Ability to collaborate in a team and work independently.
• Conceptual understanding of software development principles and SDLC models.
• Intermediate proficiency with the Microsoft Office suite.
• Windows and Linux operating systems knowledge at advanced user level.

Nice To Haves

• Thorough understanding of Java, C#, ASP.NET.
• Experience with lower-level languages (Assembly), debug and reverse-engineering tools (IDA, etc.).
• Ability to write proof-of-concept exploits.
• Agile experience.

Responsibilities

• Identify risks and areas of exposure in applications developed and/or used by BlackLine.
• Perform security reviews of source code, stored procedures, and server/service configurations.
• Define and document application security requirements for BlackLine applications.
• Oversee development of security components throughout all stages of the SDLC.
• Perform manual and automated security testing of BlackLine applications.
• Monitor application logs and audit trails.
• Monitor industry trends and threat landscape and recommend necessary controls or countermeasures.
• Educate developers on secure coding techniques and security best practices.
• Participate in development of security policies, standards, and processes.
• Participate in incident handling and perform application-related forensics activities.
• Perform other duties as assigned.