Sr. Application Security Engineer
About The Position
As someone experienced with securing a wide variety of applications, you are looking for an opportunity to use your skills in an innovative and technology-oriented environment. As an Application Security Engineer at Esri, you will fill a critical role in helping secure Esri's intellectual property and sensitive data against a variety of complex threats with support from all levels of leadership. Our Application Security team collaborates closely with the application development, DevSecOps, and information security departments to design security into our applications up front, perform application layer security testing, and assist developers with vulnerability remediation. We value collaboration, pragmatic security, and continuous improvement. We welcome you to join Esri, where you can make a real difference every day!
Requirements
- 5+ years of experience in application security, including manual and automated code reviews, manual penetration testing, dynamic application security testing, and false positive analysis of code, pen test, and open-source security findings
- Demonstrated experience determining risk based on analysis/findings using a consistent risk management framework
- Proven ability to develop automations/applications using Python, Typescript, Java, or PowerShell
- Experience creating and maintaining reusable GitHub Actions workflows, with expertise in all aspects of GitHub workflow management
- Hands-on experience working in a DevSecOps environment built on Kubernetes with a strong knowledge of Kubernetes security best practices
- Ability to read and analyze code for security and design vulnerabilities
- Solid understanding of common web application security standards (HTTP, OAuth, OIDC, REST, and more)
- Experience working with cloud platforms, specifically AWS and Azure
- Willingness to learn new skills and enhance workflows using various AI tools
- US citizenship and willingness and ability to maintain a US Security Clearance
- Bachelor’s degree in computer science or related field
Nice To Haves
- Proficiency in any of the following languages: C#, Python, Bash/Shell, PowerShell, JavaScript, SQL, Java
- Familiarity with AI-assisted coding practices, including tools such as GitHub Copilot, and an understanding of the security implications and risks introduced by AI-generated code
- Practical experience interpreting findings from application pen testing, code scanning and open-source scanners to determine the risk and collaborate with developers to resolve them
- Understanding of layer 2-7 communication protocols, common encoding and encryption schemes, and algorithms
Responsibilities
- Design, operate, and continuously improve application security testing capabilities and pipelines
- Assess application risks and recommend mitigations
- Perform application layer security reviews of the code developed by our application teams, across multiple languages and frameworks used internally
- Assist with application layer penetration testing to identify potential issues
- Provide application security guidance and mentorship to development teams as needed
Benefits
- medical
- dental
- vision
- basic and supplemental life insurance for employees (and their families)
- 401(k) and profit-sharing programs
- minimum accrual of 80 hours of vacation leave
- twelve paid holidays throughout the calendar year
- opportunities for personal and professional growth
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Senior
