Description
Introduction:
Are you a security expert with a deep understanding of application development and the skills to secure every layer of the software stack? Do you have the technical know-how to identify vulnerabilities before they become exploits and the passion to work alongside developers to build secure applications from the ground up? If you're someone who thrives on ensuring that applications are secure, scalable, and resilient to modern threats, then our client has an exciting role for you. We’re looking for an Application Security Engineer (aka The Code Defender) to safeguard our applications and make security a key part of the development process.
Imagine being the champion of security in a fast-paced environment, where you work with development teams to create secure code, perform vulnerability assessments, and respond to potential threats. As the Application Security Engineer at our client, you’ll ensure that our software is built securely from day one. This role is not just about detecting vulnerabilities—it's about embedding security into the software development lifecycle and enabling our teams to develop robust, secure applications.
Key Responsibilities:
- Secure Software Development Lifecycle (SDLC): Collaborate with development teams to integrate security into every phase of the software development lifecycle. You’ll ensure that security best practices are followed from initial design to deployment.
- Code Review and Vulnerability Assessments: Conduct thorough security code reviews and vulnerability assessments to identify weaknesses in applications. You’ll use tools like static and dynamic analysis to detect flaws and work with developers to resolve them.
- Application Penetration Testing: Perform penetration testing on web, mobile, and cloud-based applications to identify security vulnerabilities. You’ll simulate real-world attacks and ensure that applications can withstand modern threats.
- Security Tooling and Automation: Implement and manage security tools that integrate into the CI/CD pipeline, automating security testing for continuous integration. You’ll deploy tools like SAST, DAST, and RASP to catch vulnerabilities early in the development process.
- Security Awareness and Training: Provide guidance and training to developers and product teams on secure coding practices, OWASP Top Ten vulnerabilities, and threat modeling. You’ll build a culture of security awareness and make developers security champions.
- Threat Modeling and Risk Assessments: Conduct threat modeling exercises to anticipate potential attack vectors and weaknesses in application architectures. You’ll prioritize risks and provide actionable security recommendations to mitigate potential threats.
- Incident Response and Remediation: Assist in the detection, response, and remediation of security incidents affecting applications. You’ll provide post-incident analysis and help implement measures to prevent future vulnerabilities.
Requirements
Required Skills:
- Application Security Expertise: Strong understanding of application security principles, including secure coding, cryptography, access control, and authentication. You should be familiar with common vulnerabilities like SQL injection, XSS, CSRF, and SSRF.
- Penetration Testing and Code Auditing: Hands-on experience with penetration testing and auditing code for vulnerabilities. You’ve used tools like Burp Suite, OWASP ZAP, or similar platforms for security testing.
- Development Background: Solid experience in at least one programming language (such as Python, Java, JavaScript, C#, etc.), and a deep understanding of web technologies like HTML, CSS, and APIs. You can speak the language of developers and identify security flaws in code.
- DevSecOps Integration: Experience working in a DevOps or CI/CD environment, with a focus on automating security testing in the development pipeline. You’re familiar with tools like Jenkins, GitLab CI, or Azure DevOps for continuous integration and testing.
- Communication Skills: Ability to explain complex security issues to both technical and non-technical teams. You’ll need to work closely with developers and other stakeholders to ensure security is a shared priority.
- Problem-Solving and Analytical Thinking: Strong problem-solving skills, with the ability to prioritize risks and find innovative solutions to secure applications without impacting performance or usability.
- Humor: A great sense of humor, because we believe in fostering a productive and enjoyable work environment. If you can keep the team motivated while discussing OWASP vulnerabilities, you’re our kind of engineer.
Educational Requirements:
- Bachelor’s degree in Cybersecurity, Computer Science, Software Engineering, or a related field. Equivalent experience with a proven track record in application security is also valued.
- Certifications such as Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Certified Secure Software Lifecycle Professional (CSSLP), or similar are highly desirable.
Experience Requirements:
- 5+ years of experience in application security, with hands-on experience in securing web, mobile, or cloud-based applications. You’ve successfully identified and mitigated vulnerabilities in production applications.
- Proven experience in performing secure code reviews, penetration testing, and vulnerability assessments using both manual and automated methods.
- Experience in industries with stringent security requirements, such as finance, healthcare, or e-commerce, is a plus.
Benefits:
- Health and Wellness: Comprehensive medical, dental, and vision insurance plans with low co-pays and premiums.
- Paid Time Off: Competitive vacation, sick leave, and 20 paid holidays per year.
- Work-Life Balance: Flexible work schedules and telecommuting options.
- Professional Development: Opportunities for training, certification reimbursement, and career advancement programs.
- Wellness Programs: Access to wellness programs, including gym memberships, health screenings, and mental health resources.
- Life and Disability Insurance: Life insurance and short-term/long-term disability coverage.
- Employee Assistance Program (EAP): Confidential counseling and support services for personal and professional challenges.
- Tuition Reimbursement: Financial assistance for continuing education and professional development.
- Community Engagement: Opportunities to participate in community service and volunteer activities.
- Recognition Programs: Employee recognition programs to celebrate achievements and milestones.