Application Security Engineer
United States (Remote)
Granicus
Digital Civic Engagement for Government with the latest in cloud technology that connects 250 million people with 5,500+ government organizations.
Granicus is looking for an experienced Application Security (AppSec) Engineer to join our security team. The AppSec Engineer will support all processes and technologies required to drive continuous improvement of secure software development practices across the enterprise. This role will work closely with the Head of AppSec, the security team and the development teams to (1) ensure secure SDLC standards are met, (2) ensure application security tools, processes and measures operate correctly and reliably and provide value, and (3) work directly with software development teams to support them in improving the security posture of their code.
What You'll Do:
- Number one: Prevent malicious attacks and data leaks!
- Support the execution and maintenance of SAST, DAST and SCA tools
- Support assembling and maintaining vulnerability reports
- Perform security design and code reviews
- Find and implement solutions to mitigate application security vulnerabilities
- Work with dev teams on secure coding best practice and threat modeling
- Support the enforcement of the Secure SDLC
- Perform internal penetration tests and application security assessments
- Assist with resolving application security production issues, zero-day vulnerabilities and malicious use of our systems
- Review open tickets, supply recommendations and analyze trends; proactively identify problems and implement avoidance measures
- May provide secure development process evidence to auditors and clients
- Assess new technology needs/requirements, make recommendations, and engineer approved solutions
Who You Are:
- Bachelor's degree in Computer Science, Information Technology, or related field
- 5+ years in Software Development, proficient in: C#/.NET/ASP.NET, Ruby or PHP
  - PHP preferred
- Full-stack developer; candidates with strong client-side (i.e., JavaScript, jQuery, Angular) skills preferred
- Solid understanding of the OWASP Top 10 and/or SANS 25
- Experience with SAST, DAST and SCA tools
- Application Security level administration of web servers (IIS, Apache)
- Enterprise SaaS or web-hosted software knowledge
- Relational database experience (Oracle preferred)
- Familiarity with APIs using SOAP & REST calls
- Familiarity developing applications through automated CI/CD and orchestration services, such as GitLab
- Understanding of agile/Scrum SDLC processes
- Used ticketing systems such as JIRA or a bug tracking system
- Self-starter with a high degree of technical, organizational, and problem-solving skills
- Possess excellent verbal/written communication, people, and presentation skills, with a high attention to detail
- Familiarity with the following:
  - Burp Suite, OWASP ZAP or other penetration testing tool
  - Kali Linux and Metasploit
Nice to Have:
- CISSP, CSSLP, CISM, OSCP, CEH or other security certification
- NIST, FedRAMP, FISMA, ISO, SOC experience
Benefits: At Granicus, we offer a competitive benefits package that allows employees to tailor benefits to their needs. Benefits listed below are for employees based in the U.S.
- Flexible Time Off
- Medical (includes an option that is paid 100% by Granicus!), Dental & Vision Insurance
- 401(k) plan with matching contribution
- Tuition & Training Reimbursement
- Paid Parental Leave
- Employer-paid Short and Long Term Disability Insurance, Group Term Life Insurance and AD&D Insurance
- Group legal coverage
- Transit and/or parking supplement for office-based employees
- Free snacks and drinks in our offices
- And more!
Granicus is committed to providing equal employment opportunities. All qualified applicants and employees will be considered for employment and advancement without regard to race, color, religion, creed, national origin, ancestry, sex, gender, gender identity, gender expression, physical or mental disability, age, genetic information, sexual or affectional orientation, marital status, status with regard to public assistance, familial status, military or veteran status or any other status protected by applicable law.