Web Application Security Engineer

Retail / Wholesale - Corporate

Web Application Security Engineer

Visa candidates are welcome to apply

Shopping has changed more in the past five years than in the past five decades, and going forward, retailing will require investing more in people and technology. With the rapid changes in retail, it is critical that technology be a strategic enabler for our company to accelerate delivery, be adaptive to market changes, and effective in rapidly delivering solutions to meet the needs of our customers. The Web Application Security Engineer works as a member of the Information Security team.

Primary Responsibilities:
• Performs static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
• Supports the implementation and enforcement of secure design principles according to policies, standards, and patterns of Information Security.
• Serves as a Subject Matter Expert (SME) in web application security for enterprise projects during development phases to provide Information Security consulting and recommendations, ensuring the implementation of approved security requirements.
• Develops and implement manual and automated web application security testing of e-commerce web applications to enforce security standards.
• Works with security product vendors and service providers to evaluate security offerings, including product evaluations, proof of concept and pilot installations

Qualifications:
• Bachelor's degree in Computer Science, Software Engineering or related field or equivalent combination of education and experience
• 5-7 years of experience in performing penetration testing, secure code review, static, dynamic and manual source code review.
• Experience in identifying and remediating common web application vulnerabilities such as OWASP Top 10.
• Experience in use of various commercial and open source penetration testing tools and methodologies and performing penetration testing of web applications and operating systems.
• Familiarity with APT attack and kill chains.
• Experience with various code repositories including GitHub and Apache Subversion (SVN)
• Experience with continuous integration servers such as Jenkins and ElectricCommander

5+ to 7 years experience

SCREENING QUESTIONS
Do you have experience performing penetration testing?
Do you have experience identifying vulnerabilities within a web application?
Are you ok working in SF or Pleasanton?
Do you have examples consulting enterprise level development projects?
Are you ok taking a 75 question assessment?

All your information will be kept confidential according to EEO guidelines.