Application Security Engineer

About The Position

Requirements

• Bachelor's degree in a technical field such as computer science, computer engineering or related field required
• 5+ years of experience required in Cyber security and application security
• Familiarity with SAST, DAST, IAST tools.
• Understanding of AWS is required
• Deep understanding of OWASP top issues and remediation guidelines.
• Proficiency in one or more programming language ( Java, Python, JavaScript is preferred)
• Understanding of CI/CD tools such as Jenkins and GITLAB.
• Strong experience and detailed technical knowledge in security engineering, system and network security, authentication and security protocols, cryptography, and application security
• Experience in infrastructure or application-level vulnerability testing and auditing

Nice To Haves

• Familiarity with GenAI tools is a plus.
• Candidates with software development background is a plus
• Consistent implementation of security solutions
• Certifications like GWAPT, OSWE, Burp Suite Certified Practitioner are good to have

Responsibilities

• Perform security assessments and manual penetration testing using tools such as Burp Suite and other proxy tools.
• Triage static (SAST), dynamic (DAST), interactive (IAST) analysis results to identify, prioritize and remediate security vulnerabilities.
• Integrate security practices into C/CD pipeline to support DevSecOps initiative.
• Maintain documentation of security findings, remediation plans, and compliance requirements
• Develop and interpret security policies and procedures Participate in security compliance efforts
• Develop and deliver training materials and perform general security awareness and specific security technology training
• Evaluate and recommend new and emerging security products and technologies
• Leverage GenAI technologies to scale application security reviews and automate code analysis
• Evaluate various application security tools/capabilities i.e., SAST,DAST, IaC, Secrets detection tools
• Stay current with emerging security threats and countermeasures.
• Ability to train or explain the common security issues to raise the security awareness among developers and assurance engineers.
• Perform AWS configuration reviews
• Meet with development teams on a regular cadence to support the secure development lifecycle (SDLC).
• Perform web application penetration testing on new features and releases.
• Use BurpSuite for: o Web app pentesting o Writing custom plugins o Customizing workflows
• Triage SAST/DAST findings and guide engineering teams: o Requires strong code comprehension o Experience reading intentionally vulnerable code o Able to review code in: Python, Java, Spring
• Hands on experience using SAST/DAST tooling.

Benefits

• Medical, dental & vision
• Critical Illness, Accident, and Hospital
• 401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available
• Life Insurance (Voluntary Life & AD&D for the employee and dependents)
• Short and long-term disability
• Health Spending Account (HSA)
• Transportation benefits
• Employee Assistance Program
• Time Off/Leave (PTO, Vacation or Sick Leave)