Application Security Engineer

View full description

Requirements:

• Strong foundations in software engineering.
• Minimum of 7 years of technical experience with any combination of threat modeling, secure coding, identity management and authentication, software development, cryptography, system administration, and network security.
• Minimum 2 years experience with Software Development Life Cycle in one or more languages (Rust, Python, Go, Nodejs, etc.).
• Minimum 1 year experience with public/private cloud environments (Openshift, Rancher, K8s, AWS, GCP, Azure, etc.).
• Experience in running assessments using OWASP MASVS and ASVS.
• Working knowledge on exploiting and fixing application vulnerabilities.
• Strong background in threat modeling.
• In-depth knowledge of common web application vulnerabilities (i.e. OWASP Top 10).
• Familiarity with automated dynamic scanners, fuzzers, and proxy tools.
• Analytical skills for problem solving and offensive security tactics.
• Highly effective communication skills, both verbal and written.

Responsibilities:

• Play a lead role in developing and designing application-level security controls and standards.
• Perform application security design reviews against new products and services.
• Track and prioritize all security issues.
• Build internal security tools that help fix security problems at scale.
• Perform code reviews and drive remediation of discovered issues.
• Enable automated security testing at scale to measure vulnerability and report on risk across all microservice, web, and mobile platforms.
• Execute security tests on thousands of servers which are spread across on-premise and public cloud data centers.