Sr. Application Security Engineer
What you’ll be doing:
In this role, you will develop, implement and maintain security solutions and mechanisms throughout corporate and production environments. This is a hands-on role requiring in-depth knowledge of IT security principles along with heavy security operations experience. You will be expected to have a “can-do” attitude and work independently to drive solutions.
Your core priorities will be to:
- Conduct code reviews and security testing for new projects and initiatives
- Research and recommend emerging security technologies/tools to address current and future threats
- Participate in security incident response when necessary
- Perform internal/external application pen tests
- Lead projects independently while working collaboratively with the team to ensure their success
- Run annual application security training for software developers
What you should have:
- Experience with security testing tools such as Kali, Metasploit, Burp Suite, OWASP ZAP, etc.
- Proficiency with application pen testing and vulnerability assessments
- Experience with OWASP security concepts and discovering vulnerabilities such as XSS, XSRF, SQL Injection, Cookie Manipulation, etc.
- Understanding of static code analysis products
Nice to have:
- Experience with Ruby, Rails, or PostgreSQL
- Understanding of git and version control
- OWASP, SANS, and pen testing certifications
- Experience with threat modeling and attack surface design
About our team:
Our IT Security Engineering Team works alongside our teams in Systems, Monitoring, Application Engineering, and Network Engineering to deliver top-notch and secure infrastructure and automation solutions. We are experts in the IT security field, but are also well-versed in applications, development life cycles, and automation techniques. We have passionate debates about technology with consensus in solutions, flexible team structures, an irrelevance of title in problem solving, and a desire to Do The Right Thing.
We currently use a multitude of security tools such as Palo Altos, Cisco ASAs, F5 technologies, ForeScout, Proofpoint, CyberArk, Nessus and Splunk SIEM to provide security controls throughout the environment. Our server and application platform primarily runs on VMware, and several workloads exist in Amazon, with plans to expand services into the cloud.