Ivanti

Ivanti provides solutions for IT asset management, IT service management, endpoint security, supply chain management & more. Discover the power of unified IT management when you get in touch with us today.
- 8+ years of experience in web application security, SSDLC, Threat Modeling
- Experience implementing, running and maintaining tools and/or processes to reliably identify security issues such as SQLi, XSS, CSRF, and business logic flaws across large code bases (SAST, DAST, PenTesting, Security Unit Testing, etc.)
- Ability to triage, reproduce, recommend remediations and implement fixes for vulnerabilities
- Passion for understanding and researching vulnerabilities and exploitation techniques
- Knowledge of development and integration tools and technologies (e.g. CI/CD)
- Knowledge of test automation frameworks and how they can be brought to bear for security QE
- Practical knowledge of applied cryptography and common attacks against modern cryptographic algorithms (encryption at rest, TLS, hashing, etc.)
- Ability to work in a self-directed environment that is highly collaborative and cross-functional
- Educate application developers to enhance quality of security in the code
- Programming experience with Java web applications and Python
- Knowledgeable regarding backend security topics such as secret management and service authentication
- Perform penetration tests and coordinate third-party vendor Pen Tests
- Rating the severity of defects and publishing comprehensive reports detailing associated risks and mitigations
Who you are
- Innate curiosity and ability to learn. Individuals should be confident in picking up new technologies and pivoting when the role requires, given the fast-paced agile development environment we support.
- Critical thinking and troubleshooting are paramount. Practical, creative solutions to difficult problems are key.
- Passion for security. We’re looking for people who genuinely care about working to create a secure product with modern, agile-facing practices.
You are an ideal candidate if you have
- B.S. Computer Science or similar combination of education and experience
- Deep software development experience (Java, iOS and Android APIs, Web, Python)
- Good communication skills
- Have excellent working knowledge of, and the ability to educate others on, common vulnerability types, including SQL/command injection, XSS, CSRF, and SSRF
- Have experience in web, database, information and/or infrastructure security
- Know and love learning about the latest security tools, infrastructure, and industry best practices
- Enjoy working across and being a resource for other engineers and sharing your knowledge of secure coding practices
- Experience in authentication and authorization: SAML, OAuth, LDAP, AD, etc.
- Sound understanding of app security vulnerabilities, defense techniques and security best practices, including language-specific security measures and present-day threats
- Deep security subject matter expertise in at least one major public cloud provider (AWS, GCP, Azure)
- Experience with deploying and securing SaaS applications and cloud environments at scale
- Working experience with CI/CD pipelines, containerization (Kubernetes, Docker, etc.) and microservices
- Coordinating bug bounty (VRP) programs and assisting with remediation
- Develop a broad and deep technical understanding of products, services and architectures.
- Leverage this understanding to conduct architecture reviews, threat modelling and code reviews on web applications, mobile applications and other relevant services.
- Work with developers to refine security checkpoints in the development cycle that are based on industry-accepted security standards, and represent the Security Platform in development at various stages of the SDLC.
- Interpret security tools and penetration testing results to stakeholders, providing advice on vulnerability remediation and risk mitigation.
- Create relevant documentation and metrics for your stakeholders and business leaders and deliver these in a clear, concise manner.
- Research and maintain proficiency in attacker tools, techniques, procedures and other security topics.
- Propose and develop training materials to help raise the security bar across the organization.
- Develop innovative and scalable tools, solutions, and processes to enhance product security operations.