Application Security Engineer

About The Position

Requirements

• 2+ years of experience in an information security role
• 2+ years of security experience with AWS and other cloud service platforms
• Familiarity with common web application languages and frameworks (HTML, PHP javascript, Node.js, React.js, Nest.js, Next.js)
• Solid understanding of common CI/CD tools (Github, Docker, Jfrog, CircleCI)
• Solid understanding of common application vulnerabilities
• Solid understanding of secure development tools (SAST, DAST, SCA, etc)
• Solid understanding of IT fundamentals (operating systems, networking, the OSI model)
• Basic understanding of security frameworks such as CIS, NIST, ISO/IEC 27001
• Excellent written and verbal communication skills
• High level of personal integrity

Nice To Haves

• Degree in IT or Information Security related field
• Certifications such as Security+, OSCP, GPEN, ITCA
• Experience working with compliance controls (SOC2, FedRAMP, etc)

Responsibilities

• Assist with the development and maintenance of secure development policies and procedure documentation
• Partner with the product and engineering teams to integrate reproducible security practices into the software development lifecycle
• Develop and implement both manual and automated security processes to identify, evaluate, and mitigate security risks
• Conduct threat models, code reviews, pen testing, and offensive security exercises
• Set up and manage vulnerability scanning tools and manage remediation of identified issues
• Communicate vulnerability details in a manner understood by technical and non-technical business units

Benefits

• We believe you do your best work when your whole life is supported. We invest in our crew’s health, families, and financial futures with a benefits package designed to support you inside and outside the office.